PT-2020-15795 · Twilio · Twilio Authy 2-Factor Authentication

Published

2020-09-10

Updated

2020-09-16

CVE-2020-24655

CVSS v3.1

5.1

Medium

Vector

AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Twilio Authy 2-Factor Authentication versions prior to 24.3.7

Description A race condition in the application allows a user to potentially approve or deny an access request before unlocking the application with a PIN on older Android devices, effectively bypassing the PIN requirement.

Recommendations For versions prior to 24.3.7, update to version 24.3.7 or later to resolve the issue.

Fix

Race Condition

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-362

Related Identifiers

CVE-2020-24655

Affected Products

Twilio Authy 2-Factor Authentication

PT-2020-15795 · Twilio · Twilio Authy 2-Factor Authentication

CVE-2020-24655

Weakness Enumeration

Related Identifiers

Affected Products

References · 3