This vulnerability exists in the Wave 2.0 due to missing restrictions for excessive failed authentication attempts on its API based login. A remote attacker could exploit this vulnerability by conducting a brute force attack against legitimate user OTP, MPIN or password, which could lead to gain unauthorized access and compromise other user accounts.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X63moons Aero
APP63Moons< 12082024155063moons Wave 2.0
APP63Moons< 1.1.7
Related vulnerabilities
Obejście weryfikacji OTP w produktach 63Moons Aero i Wave 2.0
This vulnerability exists in the Wave 2.0 due to insufficient encryption of sensitive data received at the API...
This vulnerability exists in the Wave 2.0 due to missing rate limiting on OTP requests in an API endpoint. An ...
This vulnerability exists in the Wave 2.0 due to improper authorization checks on certain API endpoints. An au...
This vulnerability exists in the Wave 2.0 due to improper exception handling for invalid inputs at certain API...