CVE-2024-51558

This vulnerability exists in the Wave 2.0 due to missing restrictions for excessive failed authentication attempts on its API based login. A remote attacker could exploit this vulnerability by conducting a brute force attack against legitimate user OTP, MPIN or password, which could lead to gain unauthorized access and compromise other user accounts.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:63moons:aero:*:*:*:*:*:*:*:*
cpe:2.3:a:63moons:wave_2.0:*:*:*:*:*:*:*:*

History

08 Nov 2024, 15:19

Type Values Removed Values Added
References () https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0332 - () https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0332 - Third Party Advisory
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.8
Summary
  • (es) Esta vulnerabilidad existe en Wave 2.0 debido a la falta de restricciones para los intentos de autenticación fallidos excesivos en su inicio de sesión basado en API. Un atacante remoto podría aprovechar esta vulnerabilidad realizando un ataque de fuerza bruta contra el OTP, MPIN o contraseña de un usuario legítimo, lo que podría generar acceso no autorizado y comprometer otras cuentas de usuario.
CPE cpe:2.3:a:63moons:wave_2.0:*:*:*:*:*:*:*:*
cpe:2.3:a:63moons:aero:*:*:*:*:*:*:*:*
First Time 63moons wave 2.0
63moons
63moons aero

04 Nov 2024, 13:17

Type Values Removed Values Added
New CVE

Information

Published : 2024-11-04 13:17

Updated : 2024-11-08 15:19


NVD link : CVE-2024-51558

Mitre link : CVE-2024-51558

CVE.ORG link : CVE-2024-51558


JSON object : View

Products Affected

63moons

  • aero
  • wave_2.0
CWE
CWE-307

Improper Restriction of Excessive Authentication Attempts