19 matches found
CVE-2020-24655
A race condition in the Twilio Authy 2-Factor Authentication application before 24.3.7 for Android allows a user to potentially approve/deny an access request prior to unlocking the application with a PIN on older Android devices effectively bypassing the PIN requirement...
CVE-2024-39891
In the Twilio Authy API, accessed by Authy Android before 25.1.0 and Authy iOS before 26.1.0, an unauthenticated endpoint provided access to certain phone-number data, as exploited in the wild in June 2024. Specifically, the endpoint accepted a stream of requests containing phone numbers, and...
EUVD-2020-17370
Malware in sbrugna...
The vulnerability of the final point of the application software interface of a two-factor authentication system based on generating security tokens with Twilio Authy allows a perpetrator to disclose sensitive information.
The vulnerability of the final point of the application software interface for two-factor authentication based on token generation by Twilio Authy is related to the disclosure of information due to incompatibility. Exploiting this vulnerability could allow a malicious actor to disclose the...
CISA Adds Twilio Authy and IE Flaws to Exploited Vulnerabilities List
The U.S. Cybersecurity and Infrastructure Security Agency CISA has added two security flaws to its Known Exploited Vulnerabilities KEV catalog, based on evidence of active exploitation. The vulnerabilities are listed below - CVE-2012-4792 CVSS score: 9.3 - Microsoft Internet Explorer Use-After-Fr...
CISA Adds Two Known Exploited Vulnerabilities to Catalog
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2012-4792 Microsoft Internet Explorer Use-After-Free Vulnerability CVE-2024-39891 Twilio Authy Information Disclosure Vulnerability These types of vulnerabilities a...
ShinyHunters Leak 33M Twilio Authy Phone Numbers, Neiman Marcus and Truist Bank Data
ShinyHunters hackers have taken responsibility for three high-profile data breaches involving Neiman Marcus, Truist Bank, and Twilio Authy,…...
CVE-2024-39891
In the Twilio Authy API, accessed by Authy Android before 25.1.0 and Authy iOS before 26.1.0, an unauthenticated endpoint provided access to certain phone-number data, as exploited in the wild in June 2024. Specifically, the endpoint accepted a stream of requests containing phone numbers, and...
CVE-2024-39891
In the Twilio Authy API, accessed by Authy Android before 25.1.0 and Authy iOS before 26.1.0, an unauthenticated endpoint provided access to certain phone-number data, as exploited in the wild in June 2024. Specifically, the endpoint accepted a stream of requests containing phone numbers, and...
VulnCheck KEV: CVE-2024-39891
Twilio Authy contains an information disclosure vulnerability in its API that allows an unauthenticated endpoint to accept a request containing a phone number and respond with information about whether the phone number was registered with Authy...
CVE-2024-39891
CVE-2024-39891 describes a information-disclosure bug in the Twilio Authy API: an unauthenticated endpoint accepts a stream of phone numbers and returns whether each is registered with Authy. Affected software is Twilio Authy on Android before 25.1.0 and iOS before 26.1.0. The vulnerability was e...
Twilio Authy API Security Vulnerability
Twilio Authy API is an authorization interface from Twilio, Inc. It is used to build two-factor authentication, passwordless login and secure authorization for developers. A security vulnerability exists in Twilio Authy API for Android versions prior to 25.1.0, Twilio Authy API for iOS versions...
CVE-2024-39891
In the Twilio Authy API, accessed by Authy Android before 25.1.0 and Authy iOS before 26.1.0, an unauthenticated endpoint provided access to certain phone-number data, as exploited in the wild in June 2024. Specifically, the endpoint accepted a stream of requests containing phone numbers, and...
CVE-2024-39891
In the Twilio Authy API, accessed by Authy Android before 25.1.0 and Authy iOS before 26.1.0, an unauthenticated endpoint provided access to certain phone-number data, as exploited in the wild in June 2024. Specifically, the endpoint accepted a stream of requests containing phone numbers, and...
PT-2024-5376 · Twilio · Twilio Authy Android +2
Name of the Vulnerable Software and Affected Versions: Twilio Authy Android versions prior to 25.1.0 Twilio Authy iOS versions prior to 26.1.0 Description: The issue concerns an unauthenticated endpoint in the Twilio Authy API that provided access to certain phone-number data. This endpoint...
CVE-2020-24655
A race condition in the Twilio Authy 2-Factor Authentication application before 24.3.7 for Android allows a user to potentially approve/deny an access request prior to unlocking the application with a PIN on older Android devices effectively bypassing the PIN requirement...
CVE-2020-24655
A race condition in the Twilio Authy 2-Factor Authentication application before 24.3.7 for Android allows a user to potentially approve/deny an access request prior to unlocking the application with a PIN on older Android devices effectively bypassing the PIN requirement...
CVE-2020-24655
A race condition in the Twilio Authy 2-Factor Authentication application before 24.3.7 for Android allows a user to potentially approve/deny an access request prior to unlocking the application with a PIN on older Android devices effectively bypassing the PIN requirement...
CVE-2020-24655
The CVE-2020-24655 entry concerns the Twilio Authy 2-Factor Authentication Android app, affected only for versions prior to 24.3.7. A race condition could allow a user to approve or deny an access request before unlocking the app with a PIN on older Android devices, effectively bypassing the PIN ...