PT-2022-23836 · Plextrac · Plextrac

Konrad Haase · Published 2022-09-08 · Updated 2022-09-13 · CVE-2022-37144

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: PlexTrac platform versions prior to 1.17.0

Description: A remote attacker who holds a valid username and password, but has not yet authenticated, can brute-force the MFA step and log in as the targeted user, because the platform does not restrict excessive MFA TOTP submission attempts.

Recommendations: For versions prior to 1.17.0, update to API version 1.17.0 or later to resolve the issue. As a temporary workaround, consider implementing additional security measures to restrict excessive login attempts.
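The control the recommendation calls for, as an added example that is not PlexTrac's code: an RFC 6238 TOTP check with a per-user failure budget, so repeated wrong codes lock the second factor long before the six-digit space can be walked. The user name, secret, thresholds and timestamps below are constructed for the example.

```python
import hmac
import hashlib
import struct


def totp(secret: bytes, at: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HMAC-SHA1 over the time-step counter, then dynamic truncation."""
    counter = struct.pack(">Q", max(0, at) // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % (10 ** digits):0{digits}d}"


class TotpVerifier:
    """Second-factor check with a per-user failure budget (mitigates CWE-307).

    MAX_ATTEMPTS failures inside WINDOW seconds lock the user for LOCKOUT seconds,
    which caps guessing at a handful of codes per window instead of the whole space.
    """
    MAX_ATTEMPTS = 5   # constructed thresholds; tune per deployment
    WINDOW = 300
    LOCKOUT = 900
    SKEW = (-30, 0, 30)  # accept one time step of clock drift either side

    def __init__(self, user_secrets: dict):
        self.user_secrets = user_secrets  # user -> TOTP seed (constructed)
        self.failures = {}                # user -> timestamps of recent failures
        self.locked_until = {}            # user -> time the lockout expires

    def verify(self, user: str, code: str, now: int) -> str:
        """Return 'ok', 'fail' or 'locked'. A locked user is refused even with the right code."""
        if self.locked_until.get(user, 0) > now:
            return "locked"
        recent = [t for t in self.failures.get(user, []) if now - t < self.WINDOW]
        self.failures[user] = recent
        secret = self.user_secrets[user]
        # constant-time comparison against each accepted time step
        if any(hmac.compare_digest(totp(secret, now + d), code) for d in self.SKEW):
            self.failures[user] = []
            return "ok"
        recent.append(now)
        if len(recent) >= self.MAX_ATTEMPTS:
            self.locked_until[user] = now + self.LOCKOUT
            return "locked"
        return "fail"
```

The TOTP routine reproduces the RFC 4226/6238 test vector (seed `12345678901234567890`, counter 1 gives `287082`), so the lockout logic can be checked against real codes.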

Fix

Weakness Enumeration

Improper Restriction of Excessive Authentication Attempts (CWE-307)

Related Identifiers

CVE-2022-37144

Affected Products

Plextrac