3 matches found
CVE-2023-33291
In ebankIT 6, the public endpoints /public/token/Email/generate and /public/token/SMS/generate allow generation of OTP messages to any e-mail address or phone number without validation. It cannot be exploited with e-mail addresses or phone numbers that are registered in the application...
CVE-2023-33291
In ebankIT 6, the public endpoints /public/token/Email/generate and /public/token/SMS/generate allow generation of OTP messages to any e-mail address or phone number without validation. It cannot be exploited with e-mail addresses or phone numbers that are registered in the application...
CVE-2023-33291
In ebankIT version 6, CVE-2023-33291, the public endpoints /public/token/Email/generate and /public/token/SMS/generate allow generation of OTP messages to any email or phone number without validation. The issue, described across multiple sources, relies on insecure public APIs that can be probed ...