PT-2024-34700 · Wave · Wave

Author: Mohit Gadiya · Published 2024-11-04 · Updated 2024-11-08 · CVE-2024-51557

CVSS v4.0: 7.1 (High)
Vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: Wave 2.0

Description: This issue exists due to missing rate limiting on OTP requests in an API endpoint. An authenticated remote attacker could exploit this by sending multiple OTP requests through the vulnerable API endpoint, leading to OTP bombing or flooding on the targeted system. The vulnerability is related to improper control of interaction frequency.

Recommendations: For Wave 2.0, patch to the latest version as soon as possible and monitor for suspicious activity. As a temporary workaround, consider restricting access to the vulnerable API endpoint to minimize the risk of exploitation.
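The control the advisory says Wave 2.0 lacks, shown as an added example (illustrative code, not Wave's or the advisory author's): a sliding-window limiter that bounds OTP requests per account and per destination and enforces a cooldown between sends, plus a replay that shows how much of a flood it stops. The window size, the limits and the account/destination identifiers are assumed values.

```python
# Added example: per-account / per-destination rate limiting for an OTP-request
# endpoint. Illustrative code, not Wave's; limits and request shape are assumed.
from collections import defaultdict, deque
from dataclasses import dataclass, field


@dataclass
class OtpRateLimiter:
    """Sliding-window limiter keyed by the requesting account and by the
    destination (phone number / e-mail) that would receive the OTP."""
    window_seconds: int = 600      # assumed: 10-minute window
    per_account: int = 5           # assumed: max OTP requests per account
    per_destination: int = 3       # assumed: max OTPs sent to one destination
    min_interval: int = 30         # assumed: cooldown between two sends
    _hits: dict = field(default_factory=lambda: defaultdict(deque))

    def _prune(self, key, now):
        """Drop timestamps that fell out of the window; return the live queue."""
        q = self._hits[key]
        while q and now - q[0] > self.window_seconds:
            q.popleft()
        return q

    def allow(self, account: str, destination: str, now: float) -> bool:
        """Return True if this OTP request may proceed, False to reject it.
        Reject before the OTP is generated or sent, so a flood costs nothing."""
        acct = self._prune(("acct", account), now)
        dest = self._prune(("dest", destination), now)
        if dest and now - dest[-1] < self.min_interval:
            return False                      # cooldown on the destination
        if len(acct) >= self.per_account or len(dest) >= self.per_destination:
            return False                      # window quota exhausted
        acct.append(now)
        dest.append(now)
        return True


def simulate_flood(limiter: OtpRateLimiter, account: str, destination: str,
                   attempts: int, spacing: float = 1.0) -> int:
    """Replay `attempts` OTP requests `spacing` seconds apart against one
    destination and return how many the limiter let through."""
    return sum(limiter.allow(account, destination, i * spacing)
               for i in range(attempts))


if __name__ == "__main__":
    # Constructed scenario: 100 requests, one second apart, to one number.
    print(simulate_flood(OtpRateLimiter(), "user42", "+15550100", 100))
```

The same check belongs in front of the OTP-sending handler; counting only on the client or after the message is queued leaves the flood cost unchanged.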

Fix

Weakness Enumeration: Allocation of Resources Without Limits

Related Identifiers: CVE-2024-51557

Affected Products: Wave