CVE-2022-34772

Name of the Vulnerable Software and Affected Versions Tabit (affected versions not specified)

Description The issue concerns password enumeration in the Tabit system, which uses a 4-digit One-Time Password (OTP). An attacker can resend the OTP and attempt to log in indefinitely, highlighting a lack of rate limiting. This is classified as an example of OWASP API4, related to insufficient rate limiting for API endpoints.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.