Описание
A race condition in the Twilio Authy 2-Factor Authentication application before 24.3.7 for Android allows a user to potentially approve/deny an access request prior to unlocking the application with a PIN on older Android devices (effectively bypassing the PIN requirement).
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:twilio:authy_2-factor_authentication:24.3.7:*:*:*:*:android:*:*
EPSS
Процентиль: 17%
0.00053
Низкий
5.1 Medium
CVSS3
1.9 Low
CVSS2
Дефекты
CWE-362
Связанные уязвимости
github
больше 3 лет назад
A race condition in the Twilio Authy 2-Factor Authentication application before 24.3.7 for Android allows a user to potentially approve/deny an access request prior to unlocking the application with a PIN on older Android devices (effectively bypassing the PIN requirement).
EPSS
Процентиль: 17%
0.00053
Низкий
5.1 Medium
CVSS3
1.9 Low
CVSS2
Дефекты
CWE-362