CVE-2024-51561

This vulnerability exists in Aero due to improper implementation of OTP validation mechanism in certain API endpoints. An authenticated remote attacker could exploit this vulnerability by intercepting and manipulating the responses exchanged during the second factor authentication process. Successful exploitation of this vulnerability could allow the attacker to bypass OTP verification for accessing other user accounts.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:63moons:aero:*:*:*:*:*:*:*:*
cpe:2.3:a:63moons:wave_2.0:*:*:*:*:*:*:*:*

History

06 Nov 2024, 15:59

Type Values Removed Values Added
First Time 63moons wave 2.0
63moons
63moons aero
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.5
References () https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0332 - () https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0332 - Third Party Advisory
CPE cpe:2.3:a:63moons:wave_2.0:*:*:*:*:*:*:*:*
cpe:2.3:a:63moons:aero:*:*:*:*:*:*:*:*
Summary
  • (es) Esta vulnerabilidad existe en Aero debido a la implementación incorrecta del mecanismo de validación OTP en ciertos endpoints de API. Un atacante remoto autenticado podría aprovechar esta vulnerabilidad interceptando y manipulando las respuestas intercambiadas durante el proceso de autenticación de segundo factor. La explotación exitosa de esta vulnerabilidad podría permitir al atacante omitir la verificación OTP para acceder a otras cuentas de usuario.
CWE NVD-CWE-Other

04 Nov 2024, 13:17

Type Values Removed Values Added
New CVE

Information

Published : 2024-11-04 13:17

Updated : 2024-11-06 15:59


NVD link : CVE-2024-51561

Mitre link : CVE-2024-51561

CVE.ORG link : CVE-2024-51561


JSON object : View

Products Affected

63moons

  • aero
  • wave_2.0
CWE
NVD-CWE-Other CWE-807

Reliance on Untrusted Inputs in a Security Decision