PT-2024-15060 · Unknown · Hearing Tracking System

Published

2024-02-09

Updated

2024-02-15

CVE-2023-6724

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Hearing Tracking System versions prior to IOS 7.0 Hearing Tracking System for Android version 1.0

Description The issue allows authentication abuse through an authorization bypass using a user-controlled key. This affects the Hearing Tracking System, enabling potential authentication abuse.

Recommendations For Hearing Tracking System versions prior to IOS 7.0, update to a version that includes the necessary security patches. For Hearing Tracking System for Android version 1.0, consider disabling authentication mechanisms that rely on user-controlled keys until a patch is available.

Fix

IDOR

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-639

Related Identifiers

CVE-2023-6724

Affected Products

Hearing Tracking System

PT-2024-15060 · Unknown · Hearing Tracking System

CVE-2023-6724

Weakness Enumeration

Related Identifiers

Affected Products

References · 8