CVE-2024-45404 - Improper Restriction of Excessive Authentication Attempts vulnerability in Citeum Opencti
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: LOW
Confidentiality impact: HIGH
Integrity impact: HIGH
Availability impact: NONE

Summary
OpenCTI is an open-source cyber threat intelligence platform. In versions below 6.2.18 there is no rate limiting on One Time Password (OTP) attempts: the otpLogin mutation does not restrict how many OTP codes can be tried. An attacker holding valid credentials, or a malicious insider committing internal fraud, can therefore defeat the two-factor authentication step and hijack the account. As of the time of publication, it is unknown whether a patch is available.
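The mitigation the summary implies, shown as an added example that is not OpenCTI's own code: a per-user OTP attempt limiter that the OTP login step consults before verifying a code, so a holder of valid credentials cannot cycle through the OTP space. The names OtpAttemptLimiter, otpLogin and verifyCode are hypothetical, and the window and lockout values are assumptions.

```javascript
// Added example, not OpenCTI's code. A per-user OTP attempt limiter that an
// OTP login resolver consults before verifying the code, so a valid-credential
// attacker cannot cycle through the OTP space. All names are hypothetical.
class OtpAttemptLimiter {
  constructor({ maxAttempts = 5, windowMs = 15 * 60 * 1000,
                lockoutMs = 15 * 60 * 1000, now = Date.now } = {}) {
    this.maxAttempts = maxAttempts; // failures tolerated per window
    this.windowMs = windowMs;       // sliding window for counting failures
    this.lockoutMs = lockoutMs;     // how long the OTP step stays locked
    this.now = now;                 // injectable clock for tests
    this.state = new Map();         // userId -> { failures: [ts], lockedUntil }
  }

  // Is the OTP step currently open for this user? Does not consume an attempt.
  check(userId) {
    const t = this.now();
    const s = this.state.get(userId);
    if (s && s.lockedUntil > t) return { allowed: false, retryAfterMs: s.lockedUntil - t };
    return { allowed: true, retryAfterMs: 0 };
  }

  // Record a failed OTP; lock the step once the window fills. Returns true if locked.
  recordFailure(userId) {
    const t = this.now();
    const s = this.state.get(userId) || { failures: [], lockedUntil: 0 };
    s.failures = s.failures.filter((ts) => t - ts < this.windowMs);
    s.failures.push(t);
    if (s.failures.length >= this.maxAttempts) {
      s.lockedUntil = t + this.lockoutMs;
      s.failures = [];
    }
    this.state.set(userId, s);
    return s.lockedUntil > t;
  }

  // A correct code clears the user's failure history.
  recordSuccess(userId) { this.state.delete(userId); }
}

// Hypothetical OTP login step: verifyCode(userId, code) is the app's TOTP check.
// The limiter is consulted first, so even a correct code is refused while locked.
function otpLogin(limiter, userId, code, verifyCode) {
  const gate = limiter.check(userId);
  if (!gate.allowed) return { ok: false, reason: 'rate_limited', retryAfterMs: gate.retryAfterMs };
  if (verifyCode(userId, code)) { limiter.recordSuccess(userId); return { ok: true }; }
  const locked = limiter.recordFailure(userId);
  return { ok: false, reason: locked ? 'locked' : 'invalid_code',
           retryAfterMs: limiter.check(userId).retryAfterMs };
}
```

In a real deployment the Map would be replaced by shared storage (for example the platform's Redis) so the limit holds across nodes, and lockouts should be logged so repeated OTP failures surface in detection.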