PT-2024-29344 · Kaiten · Kaiten
Artemy-Ccrsky · Published 2024-10-01 · Updated 2024-10-04 · CVE-2024-41276
CVSS v3.1: 9.8 (Critical)
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Kaiten versions 57.131.12 and earlier
Description
A vulnerability in the PIN code authentication mechanism allows attackers to bypass it. After entering their login credentials, users must enter a 6-digit PIN code that the application sends to their email. However, the request-limiting mechanism can easily be bypassed, allowing an attacker to brute-force the PIN and gain unauthorized access to the application.
Recommendations
For versions 57.131.12 and earlier, patch the application immediately and enforce strong authentication policies to prevent brute-force attacks. As a temporary workaround, consider restricting access to the PIN code authentication mechanism until a patch is available.
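As an added defensive illustration (not Kaiten's code), the sketch below shows the property the advisory's weakness lacks: the failed-attempt counter is bound to the account's PIN challenge itself, so it cannot be sidestepped by reshaping requests, and the PIN is single-use, expiring and compared in constant time. The class and constant names, the 5-attempt limit and the 5-minute lifetime are assumptions, not values from the advisory.

```python
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Dict, Optional

# Hypothetical hardened e-mail PIN verifier (added example, not Kaiten code).
# The attempt counter lives inside the challenge record, keyed by account,
# so no client-side request shaping can reset it.

MAX_ATTEMPTS = 5       # assumed; 5 guesses out of 1,000,000 six-digit PINs
PIN_TTL_SECONDS = 300  # assumed; challenge expires after 5 minutes

@dataclass
class PinChallenge:
    pin: str                 # in production store only a hash/HMAC of the PIN
    created_at: float
    failures: int = 0
    consumed: bool = False

class PinAuthenticator:
    def __init__(self) -> None:
        self._challenges: Dict[str, PinChallenge] = {}  # keyed by account, never by client

    def issue(self, account: str, now: Optional[float] = None) -> str:
        """Create a fresh 6-digit PIN for the account; returned here for 'e-mailing'."""
        pin = f"{secrets.randbelow(1_000_000):06d}"  # CSPRNG, uniform over 000000-999999
        created = time.time() if now is None else now
        self._challenges[account] = PinChallenge(pin=pin, created_at=created)
        return pin

    def verify(self, account: str, candidate: str, now: Optional[float] = None) -> bool:
        """True only for a live, unconsumed challenge that still has attempts left."""
        now = time.time() if now is None else now
        ch = self._challenges.get(account)
        if ch is None or ch.consumed:
            return False
        if now - ch.created_at > PIN_TTL_SECONDS or ch.failures >= MAX_ATTEMPTS:
            del self._challenges[account]  # expired or exhausted: a new PIN is required
            return False
        # Constant-time comparison so response timing does not leak matching digits.
        if hmac.compare_digest(ch.pin.encode(), candidate.encode()):
            ch.consumed = True             # single use
            return True
        ch.failures += 1                   # counted server-side, per account
        if ch.failures >= MAX_ATTEMPTS:
            del self._challenges[account]  # burn the PIN after too many failures
        return False
```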
Weakness Enumeration
Improper Restriction of Excessive Authentication Attempts
Related Identifiers
Affected Products
Kaiten