2 matches found
CVE-2021-41093
Wire is an open source secure messenger. In affected versions if the an attacker gets an old but valid access token they can take over an account by changing the email. This issue has been resolved in version 3.86 which uses a new endpoint which additionally requires an authentication cookie. See...
CVE-2021-41093
CVE-2021-41093 concerns Wire, an open-source secure messenger. Affected: Wire iOS components where an attacker with an old but valid access token could takeover the account by changing the user email. Root cause: improper session/token handling that allows account takeover. Impact: high risk (per...