CVE-2024-47086
OTP Bypass Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
This vulnerability exists in LD DP Back Office due to improper implementation of OTP validation mechanism in certain API endpoints. An authenticated remote attacker could exploit this vulnerability by providing arbitrary OTP value for authentication and subsequently changing its API response.
Successful exploitation of this vulnerability could allow the attacker to bypass OTP verification for other user accounts.
This vulnerability exists in Apex Softcell LD DP Back Office due to improper implementation of OTP validation mechanism in certain API endpoints. An authenticated remote attacker could exploit this vulnerability by providing arbitrary OTP value for authentication and subsequently changing its API response.
Successful exploitation of this vulnerability could allow the attacker to bypass OTP verification for other user accounts.
CVSS Scores
SSVC
- Decision:Attend
Timeline
- 2024-09-18 CVE Reserved
- 2024-09-19 CVE Published
- 2024-09-19 CVE Updated
- 2024-09-27 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-302: Authentication Bypass by Assumed-Immutable Data
CAPEC
References (1)
| URL | Tag | Source |
|---|---|---|
| https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0296 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Apex Softcell Search vendor "Apex Softcell" | LD DP Back Office Search vendor "Apex Softcell" for product "LD DP Back Office" | < 24.8.21.1 Search vendor "Apex Softcell" for product "LD DP Back Office" and version " < 24.8.21.1" | en |
Affected
| ||||||