This vulnerability exists in the Wave 2.0 due to missing rate limiting on OTP requests in an API endpoint. An authenticated remote attacker could exploit this vulnerability by sending multiple OTP request through vulnerable API endpoint which could lead to the OTP bombing/flooding on the targeted system.
oryginał ENCVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X63moons Aero
APP63Moons< 12082024155063moons Wave 2.0
APP63Moons< 1.1.7
Powiązane podatności
Brak ograniczeń liczby prób logowania w Wave 2.0 (brute force)
Obejście weryfikacji OTP w produktach 63Moons Aero i Wave 2.0
This vulnerability exists in the Wave 2.0 due to insufficient encryption of sensitive data received at the API...
This vulnerability exists in the Wave 2.0 due to improper authorization checks on certain API endpoints. An au...
This vulnerability exists in the Wave 2.0 due to improper exception handling for invalid inputs at certain API...