PT-2022-22322 · Tabit · Tabit

Published: 2022-08-22 · Updated: 2023-03-28 · CVE-2022-34771

CVSS v3.1: 5.5 Medium

Vector: AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions

Tabit (affected versions not specified)

Description

The issue allows an adversary to send messages on Tabit's behalf to anyone registered on the system. The resend OTP API receives parameters such as phone number and CustomMessage, which can be used to craft malicious messages to any user of the system. Additionally, the API may have template injection potential, as entering {{OTP}} in the custom message field formats it into an OTP.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
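
For teams reviewing their own OTP endpoints against the pattern described above, the following is an added example, not Tabit's code: a resend-OTP handler that takes the recipient from server-side session state and builds the SMS from a fixed template, so a caller-supplied phone number or CustomMessage is refused and never expanded. The request shape, the session_id field, the sessions store and the send_sms callable are assumptions for illustration; only CustomMessage and {{OTP}} come from the advisory.

```python
import secrets

# Fixed server-side wording (constructed); the caller never contributes text to the SMS.
OTP_TEMPLATE = "Your verification code is {otp}"
# Hypothetical request schema: the only field a client may send.
ALLOWED_FIELDS = {"session_id"}


class RejectedRequest(Exception):
    """Raised for requests that should be refused and logged for review."""


def resend_otp(request, sessions, send_sms):
    """Resend an OTP to the number bound to the caller's pending login.

    request  -- parsed JSON body from the client (untrusted)
    sessions -- server-side store: session_id -> {"phone": ...} (assumed)
    send_sms -- callable(to, text) wrapping the SMS gateway (assumed)
    """
    # Refuse, rather than silently drop, a recipient or message override
    # such as "phone" or "CustomMessage": the rejection is a detection signal.
    extra = sorted(set(request) - ALLOWED_FIELDS)
    if extra:
        raise RejectedRequest("unexpected fields: " + ", ".join(extra))

    sid = request.get("session_id")
    if not isinstance(sid, str) or sid not in sessions:
        raise RejectedRequest("unknown session")
    session = sessions[sid]

    # Fresh code from a CSPRNG, stored server-side for later verification.
    otp = f"{secrets.randbelow(10**6):06d}"
    session["otp"] = otp

    # Only the constant template is formatted, so "{{OTP}}" or any other
    # placeholder in client input can never be expanded.
    text = OTP_TEMPLATE.format(otp=otp)
    send_sms(session["phone"], text)
    return text
```
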

Related Identifiers

CVE-2022-34771

Affected Products

Tabit