2 matches found
CVE-2024-45404
OpenCTI is an open-source cyber threat intelligence platform. In versions below 6.2.18, because the function to limit the rate of OTP does not exist, an attacker with valid credentials or a malicious user who commits internal fraud can break through the two-factor authentication and hijack the...
CVE-2024-45404
CVE-2024-45404 affects OpenCTI prior to 6.2.18. The root cause is the absence of rate limiting on the OTP mechanism, specifically the otpLogin mutation, enabling an attacker with valid credentials (or a malicious insider) to bypass two-factor authentication and hijack an account. Evidence from mu...