9 matches found
EUVD-2024-41714
Malicious code in bioql PyPI...
CVE-2025-10658
The SupportCandy – Helpdesk & Customer Support Ticket System plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 3.3.7. This is due to missing rate limiting on the OTP verification for guest login. This makes it possible for unauthenticated attackers ...
CVE-2025-48375 Schule Missing Rate Limiting on OTP Email Requests – Susceptible to Abuse & DoS
Schule is open-source school management system software. Prior to version 1.0.1, the file forgotpassword.php or equivalent endpoint responsible for email-based OTP generation lacks proper rate limiting controls, allowing attackers to abuse the OTP request functionality. This vulnerability can be...
CVE-2024-45404
OpenCTI is an open-source cyber threat intelligence platform. In versions below 6.2.18, because the function to limit the rate of OTP does not exist, an attacker with valid credentials or a malicious user who commits internal fraud can break through the two-factor authentication and hijack the...
CVE-2024-45404
OpenCTI is an open-source cyber threat intelligence platform. In versions below 6.2.18, because the function to limit the rate of OTP does not exist, an attacker with valid credentials or a malicious user who commits internal fraud can break through the two-factor authentication and hijack the...
CVE-2024-45404 OpenCTI's lack of Rate Limit lead to OTP brute forcing
OpenCTI is an open-source cyber threat intelligence platform. In versions below 6.2.18, because the function to limit the rate of OTP does not exist, an attacker with valid credentials or a malicious user who commits internal fraud can break through the two-factor authentication and hijack the...
CVE-2024-45404
CVE-2024-45404 affects OpenCTI prior to 6.2.18. The root cause is the absence of rate limiting on the OTP mechanism, specifically the otpLogin mutation, enabling an attacker with valid credentials (or a malicious insider) to bypass two-factor authentication and hijack an account. Evidence from mu...
PT-2024-31608 · Opencti · Opencti
Name of the Vulnerable Software and Affected Versions: OpenCTI versions prior to 6.2.18 Description: The issue affects the two-factor authentication mechanism in OpenCTI, an open-source cyber threat intelligence platform. Due to the lack of a function to limit the rate of One Time Passwords OTPs,...
CVE-2024-45788 No Rate Limiting Vulnerability
This vulnerability exists in Reedos aiM-Star version 2.0.1 due to missing rate limiting on OTP requests in certain API endpoints. An authenticated remote attacker could exploit this vulnerability by sending multiple OTP request through vulnerable API endpoints which could lead to the OTP...