exploitDog - Комплексное решение для обнаружения, оценки и устранения уязвимостей.

БДУ ФСТЭК

Microsoft MSRC

NVD

Oracle ELSA

Red Hat CVE

РЕД ОС

Rocky RLSA

SUSE CVRF

Ubuntu

Debian

Github

Количество 2

CVE-2024-32868

почти 2 года назад

ZITADEL provides users the possibility to use Time-based One-Time-Password (TOTP) and One-Time-Password (OTP) through SMS and Email. While ZITADEL already gives administrators the option to define a `Lockout Policy` with a maximum amount of failed password check attempts, there was no such mechanism for (T)OTP checks. This issue has been patched in version 2.50.0.

CVSS3: 6.5

EPSS: Низкий

GHSA-7j7j-66cv-m239

почти 2 года назад

ZITADEL's Improper Lockout Mechanism Leads to MFA Bypass

CVSS3: 6.5

EPSS: Низкий

Уязвимостей на страницу

	Уязвимость	CVSS	EPSS	Опубликовано
	CVE-2024-32868 ZITADEL provides users the possibility to use Time-based One-Time-Password (TOTP) and One-Time-Password (OTP) through SMS and Email. While ZITADEL already gives administrators the option to define a `Lockout Policy` with a maximum amount of failed password check attempts, there was no such mechanism for (T)OTP checks. This issue has been patched in version 2.50.0.	CVSS3: 6.5	0% Низкий	почти 2 года назад
	GHSA-7j7j-66cv-m239 ZITADEL's Improper Lockout Mechanism Leads to MFA Bypass	CVSS3: 6.5	0% Низкий	почти 2 года назад

Уязвимостей на страницу