CVE-2025-48372

Name of the Vulnerable Software and Affected Versions Schule versions prior to 1.0.1

Description The issue concerns the generateOTP() function, which generates a 4-digit numeric One-Time Password (OTP) with a limited range of 9000 possible combinations. This small keyspace makes the OTP highly vulnerable to brute-force attacks, especially in the absence of strong rate-limiting or lockout mechanisms.

Recommendations For versions prior to 1.0.1, update to version 1.0.1 to fix the issue. As a temporary workaround, consider implementing strong rate-limiting or lockout mechanisms to minimize the risk of exploitation. Restrict access to the generateOTP() function until the issue is resolved.