Improper restriction of excessive authentication attempts vulnerability in Başbelen Group Food Cafe Businesses Industry and Trade Ltd. Co. Pause+ Mobile App allows Authentication Bypass. This issue affects Pause+ Mobile App: from v1.0.6 before v1.5.
The error classified as CWE-307 involves the lack of proper restriction on excessive authentication attempts (Improper Restriction of Excessive Authentication Attempts). Attackers can repeatedly send login requests without account lockout, time limits, or CAPTCHA mechanisms, enabling brute-force or credential stuffing attacks. As a result, it is possible to guess or bypass credentials and gain unauthorized access to a user account.
Attackers can gain unauthorized access to user accounts in the application, leading to violations of confidentiality, integrity, and data availability. Full account compromise is possible without any interaction from the victim.
Update the Pause+ Mobile App to version v1.5 or newer. Detailed information is available in the manufacturer's security bulletin at: https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0368
Pause+ Mobile App versions from v1.0.6 to (not including) v1.5 — manufacturer: Başbelen Group Food Cafe Businesses Industry and Trade Ltd. Co.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H