CVE-2023-49949 - Incorrect Authorization vulnerability in Passwork 4.6.13/5.0.9

047910
CVSS 8.1 - HIGH
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: LOW
Confidentiality impact: HIGH
Integrity impact: HIGH
Availability impact: NONE
network
low complexity
passwork
CWE-863

Summary

Passwork before 6.2.0 allows remote authenticated users to bypass 2FA by sending all one million of the possible 6-digit codes.

Vulnerable Configurations

Part | Description | Count
Application | Passwork | 2

Common Weakness Enumeration (CWE)