30 matches found
CVE-2020-24655
A race condition in the Twilio Authy 2-Factor Authentication application before 24.3.7 for Android allows a user to potentially approve/deny an access request prior to unlocking the application with a PIN on older Android devices effectively bypassing the PIN requirement...
CVE-2024-39891
In the Twilio Authy API, accessed by Authy Android before 25.1.0 and Authy iOS before 26.1.0, an unauthenticated endpoint provided access to certain phone-number data, as exploited in the wild in June 2024. Specifically, the endpoint accepted a stream of requests containing phone numbers, and...
EUVD-2020-17370
Malware in sbrugna...
A vulnerability in an API endpoint of the two-factor authentication system based on security-token generation with Twilio Authy allows an attacker to disclose sensitive information.
The vulnerability in the API endpoint for two-factor authentication based on token generation by Twilio Authy is related to the disclosure of information due to incompatibility. Exploiting this vulnerability could allow a malicious actor to disclose the...
CISA Adds Twilio Authy and IE Flaws to Exploited Vulnerabilities List
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two security flaws to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerabilities are listed below: CVE-2012-4792 (CVSS score: 9.3) - Microsoft Internet Explorer Use-After-Fr...
CISA Adds Two Known Exploited Vulnerabilities to Catalog
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation: CVE-2012-4792 Microsoft Internet Explorer Use-After-Free Vulnerability; CVE-2024-39891 Twilio Authy Information Disclosure Vulnerability. These types of vulnerabilities a...
Twilio Authy Information Disclosure Vulnerability
Twilio Authy contains an information disclosure vulnerability in its API that allows an unauthenticated endpoint to accept a request containing a phone number and respond with information about whether the phone number was registered with Authy...
ShinyHunters Leak 33M Twilio Authy Phone Numbers, Neiman Marcus and Truist Bank Data
ShinyHunters hackers have taken responsibility for three high-profile data breaches involving Neiman Marcus, Truist Bank, and Twilio Authy...
Authy phone numbers accessed by cybercriminals, warns Twilio
Twilio has warned users of the Authy multi-factor authentication (MFA) app about an incident in which cybercriminals may have obtained their phone numbers. Twilio said the cybercriminals abused an unsecured Application Programming Interface (API) endpoint to verify the phone numbers of millions of...
Twilio's Authy App Attack Exposes Millions of Phone Numbers
Cloud communications provider Twilio has revealed that unidentified threat actors took advantage of an unauthenticated endpoint in Authy to identify data associated with Authy accounts, including users' cell phone numbers. The company said it took steps to secure the endpoint to no longer accept...
CVE-2024-39891
In the Twilio Authy API, accessed by Authy Android before 25.1.0 and Authy iOS before 26.1.0, an unauthenticated endpoint provided access to certain phone-number data, as exploited in the wild in June 2024. Specifically, the endpoint accepted a stream of requests containing phone numbers, and...
CVE-2024-39891
In the Twilio Authy API, accessed by Authy Android before 25.1.0 and Authy iOS before 26.1.0, an unauthenticated endpoint provided access to certain phone-number data, as exploited in the wild in June 2024. Specifically, the endpoint accepted a stream of requests containing phone numbers, and...
CVE-2024-39891
In the Twilio Authy API, accessed by Authy Android before 25.1.0 and Authy iOS before 26.1.0, an unauthenticated endpoint provided access to certain phone-number data, as exploited in the wild in June 2024. Specifically, the endpoint accepted a stream of requests containing phone numbers, and...
CVE-2024-39891
In the Twilio Authy API, accessed by Authy Android before 25.1.0 and Authy iOS before 26.1.0, an unauthenticated endpoint provided access to certain phone-number data, as exploited in the wild in June 2024. Specifically, the endpoint accepted a stream of requests containing phone numbers, and...
VulnCheck KEV: CVE-2024-39891
Twilio Authy contains an information disclosure vulnerability in its API that allows an unauthenticated endpoint to accept a request containing a phone number and respond with information about whether the phone number was registered with Authy...
Twilio Authy API Security Vulnerability
Twilio Authy API is an authorization interface from Twilio, Inc. It is used to build two-factor authentication, passwordless login and secure authorization for developers. A security vulnerability exists in Twilio Authy API for Android versions prior to 25.1.0, Twilio Authy API for iOS versions...
CVE-2024-39891
CVE-2024-39891 describes an information-disclosure bug in the Twilio Authy API: an unauthenticated endpoint accepts a stream of phone numbers and returns whether each is registered with Authy. Affected software is Twilio Authy on Android before 25.1.0 and iOS before 26.1.0. The vulnerability was e...
CVE-2024-39891
In the Twilio Authy API, accessed by Authy Android before 25.1.0 and Authy iOS before 26.1.0, an unauthenticated endpoint provided access to certain phone-number data, as exploited in the wild in June 2024. Specifically, the endpoint accepted a stream of requests containing phone numbers, and...
PT-2024-5376 · Twilio · Twilio Authy Android +2
Name of the Vulnerable Software and Affected Versions: Twilio Authy Android versions prior to 25.1.0 Twilio Authy iOS versions prior to 26.1.0 Description: The issue concerns an unauthenticated endpoint in the Twilio Authy API that provided access to certain phone-number data. This endpoint...
Twilio data breach turns out to be more elaborate than suspected
Earlier this month, messaging service Twilio got compromised by a sophisticated social engineering attack. After deploying phishing attacks against company employees, hackers were able to access user data, but now it seems that the impact of the hack was more elaborate than originally assumed. In...