PT-2024-34701 · Wave · Wave

Mohit Gadiya · Published 2024-11-04 · Updated 2024-11-08 · CVE-2024-51558

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Wave 2.0

Description: This issue is due to missing restrictions on excessive failed authentication attempts on the API-based login. A remote attacker could exploit this by conducting a brute force attack against a legitimate user's OTP, MPIN, or password, potentially gaining unauthorized access and compromising other user accounts.

Recommendations: For Wave 2.0, consider implementing restrictions on failed login attempts through the API to prevent brute force attacks. As a temporary workaround, restrict access to the API-based login until a more permanent solution is available.
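The recommendation above asks for a limit on failed API login attempts. The following Python sketch is an added example, not Wave's code and not taken from the advisory: it implements a per-account lockout whose duration doubles on each repeated lockout, refuses to evaluate credentials at all while an account is locked, and compares the submitted secret in constant time. It treats OTP, MPIN and password identically, since for this weakness class (CWE-307, the name listed under Weakness Enumeration) all three are just guessable secrets checked by the same endpoint. The account name, the six-digit OTP value, the thresholds and the fake clock are constructed for illustration; a real deployment would persist the counters server-side and pair them with per-source-address limits, because a per-account counter alone does not see attempts spread thinly across many accounts.

```python
"""Added example (not Wave's code): throttling failed API logins per account.

Assumptions, not from the advisory: secrets are looked up from a dict, the
account id and OTP below are constructed, and a fake clock drives the demo.
"""
import hmac
import time
from dataclasses import dataclass, field
from typing import Callable, Dict, Iterable, Tuple


@dataclass
class _AccountState:
    failures: int = 0          # consecutive failures since last success/lockout
    lockouts: int = 0          # lockouts hit in a row; drives the backoff exponent
    locked_until: float = 0.0  # clock value at which the account unlocks


@dataclass
class LoginThrottle:
    """Per-account lockout with escalating (exponential) lockout duration."""
    max_failures: int = 5          # failures tolerated before the account locks
    base_lockout: float = 60.0     # seconds for the first lockout
    max_lockout: float = 3600.0    # cap so the backoff cannot grow unbounded
    clock: Callable[[], float] = time.monotonic
    _state: Dict[str, _AccountState] = field(default_factory=dict)

    def _get(self, account: str) -> _AccountState:
        return self._state.setdefault(account, _AccountState())

    def seconds_locked(self, account: str) -> float:
        """0.0 if the account may attempt a login now, else seconds remaining."""
        return max(0.0, self._get(account).locked_until - self.clock())

    def record_failure(self, account: str) -> None:
        st = self._get(account)
        st.failures += 1
        if st.failures >= self.max_failures:
            # Each successive lockout doubles the wait: 60s, 120s, 240s, ... up to the cap.
            duration = min(self.base_lockout * (2 ** st.lockouts), self.max_lockout)
            st.locked_until = self.clock() + duration
            st.lockouts += 1
            st.failures = 0

    def record_success(self, account: str) -> None:
        self._state.pop(account, None)  # a real login clears the history


def attempt_login(throttle: LoginThrottle, account: str, submitted: str,
                  secrets: Dict[str, str]) -> str:
    """Returns 'ok', 'locked' or 'invalid'. The API layer would map 'locked' to
    HTTP 429 with a Retry-After header derived from seconds_locked()."""
    if throttle.seconds_locked(account) > 0:
        return "locked"  # refused before the credential is even examined
    expected = secrets.get(account, "")
    # compare_digest is constant-time, so response timing does not reveal how
    # many leading characters of the guess were correct.
    if expected and hmac.compare_digest(submitted.encode(), expected.encode()):
        throttle.record_success(account)
        return "ok"
    throttle.record_failure(account)
    return "invalid"


def guesses_evaluated(throttle: LoginThrottle, account: str, secrets: Dict[str, str],
                      guesses: Iterable[str]) -> Tuple[int, int]:
    """Test harness: replay guesses against one account and count how many the
    server actually evaluated versus rejected outright as locked."""
    evaluated = rejected = 0
    for guess in guesses:
        result = attempt_login(throttle, account, guess, secrets)
        if result == "locked":
            rejected += 1
        else:
            evaluated += 1
            if result == "ok":
                break
    return evaluated, rejected


def max_success_probability(allowed_attempts: int, keyspace: int) -> float:
    """Upper bound on an online guesser's success against a uniformly random
    secret when only `allowed_attempts` guesses are ever evaluated."""
    return min(1.0, allowed_attempts / keyspace)


class FakeClock:
    """Deterministic clock so the lockout window can be advanced in tests."""
    def __init__(self) -> None:
        self.now = 0.0

    def __call__(self) -> float:
        return self.now

    def advance(self, seconds: float) -> None:
        self.now += seconds


if __name__ == "__main__":
    clock = FakeClock()
    throttle = LoginThrottle(clock=clock)
    secrets = {"user-a": "493827"}  # constructed account and 6-digit OTP
    sequential = (f"{i:06d}" for i in range(1000))
    print("evaluated/rejected:", guesses_evaluated(throttle, "user-a", secrets, sequential))
    print("locked for:", throttle.seconds_locked("user-a"), "s")
    print("bound with 5 tries vs 10^6 OTPs:", max_success_probability(5, 10**6))
    print("bound with no limit:", max_success_probability(10**6, 10**6))
```

With the default thresholds, a thousand sequential guesses against one account result in only five being evaluated; the rest are rejected without touching the credential store, and the second lockout lasts twice as long as the first. The probability bound makes the advisory's point concrete: unlimited attempts against a six-digit OTP guarantee success, while five attempts per lockout window bound it at five in a million per window.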

Fix

Weakness Enumeration
Improper Restriction of Excessive Authentication Attempts

Related Identifiers
CVE-2024-51558

Affected Products
Wave