2 matches found
CVE-2022-45635
An issue discovered in MEGAFEIS, BOFEI DBD+ Application for IOS & Android v1.4.4 allows attacker to gain access to sensitive account information via insecure password policy...
CVE-2022-45635
MEGAFEIS DBD+ mobile app for iOS/Android v1.4.4 is affected by CVE-2022-45635. The issue is due to an insecure password policy and lack of rate limiting on the Megafeis back-end API, enabling exposure of sensitive account information. A PoC/exploit exists (WithSecure megafeis-palm repository) and...