Veracode Vulnerability DatabaseVERACODE:43933Broken Authentication
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
EPSS
Percentile
20.2%
homeassistant is vulnerable due to Broken Authentication. An attacker could exploit this vulnerability by tricking a user into clicking on a malicious link. The link would direct the user to a malicious website that would initiate the OAuth2 login process with a specially crafted redirect URI. If the user authenticates, the malicious website would receive the user’s access token, which could then be used to access the user’s Home Assistant instance.
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
EPSS
Percentile
20.2%