CVE-2023-24080

Name of the Vulnerable Software and Affected Versions Chamberlain myQ version 5.222.0.32277

Description The issue is related to insufficient restriction of authentication attempts, allowing a remote attacker to bypass existing security restrictions using a brute force attack. This is due to a lack of rate limiting on the password reset endpoint, which enables attackers to compromise user accounts via a brute force attack.

Recommendations For version 5.222.0.32277, consider disabling the password reset feature until a patch is available to prevent brute force attacks. Restrict access to the password reset endpoint to minimize the risk of exploitation. Avoid using the password reset feature in the affected version until the issue is resolved.