CVE-2022-34772

Tabit - password enumeration. Description: Tabit - password enumeration. The passwords for the Tabit system is a 4 digit OTP. One can resend OTP and try logging in indefinitely. Once again, this is an example of OWASP: API4 - Rate limiting...

CVE-2022-34772

Tabit - password enumeration. Description: Tabit - password enumeration. The passwords for the Tabit system is a 4 digit OTP. One can resend OTP and try logging in indefinitely. Once again, this is an example of OWASP: API4 - Rate limiting...

Default credentials

Tabit - password enumeration. Description: Tabit - password enumeration. The passwords for the Tabit system is a 4 digit OTP. One can resend OTP and try logging in indefinitely. Once again, this is an example of OWASP: API4 - Rate limiting...

PT-2022-22323 · Tabit · Tabit

Name of the Vulnerable Software and Affected Versions: Tabit affected versions not specified Description: The issue concerns password enumeration in the Tabit system, which uses a 4-digit One-Time Password OTP. An attacker can resend the OTP and attempt to log in indefinitely, highlighting a lack...

PT-2022-22322 · Tabit · Tabit

Name of the Vulnerable Software and Affected Versions: Tabit affected versions not specified Description: The issue allows an adversary to send messages on Tabit's behalf to anyone registered on the system. The resend OTP API receives parameters such as phone number and CustomMessage, which can b...

CVE-2022-34770

Tabit - sensitive information disclosure. Several APIs on the web system display, without authorization, sensitive information such as health statements, previous bills in a specific restaurant, alcohol consumption and smoking habits. Each of the described API’s, has in its URL one or more MongoD...

CVE-2022-34772

Tabit - password enumeration. Description: Tabit - password enumeration. The passwords for the Tabit system is a 4 digit OTP. One can resend OTP and try logging in indefinitely. Once again, this is an example of OWASP: API4 - Rate limiting...