CVE-2024-46937 - Authorization Bypass Through User-Controlled Key vulnerability in Mfasoft Secure Authentication Server
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: HIGH
Integrity impact: NONE
Availability impact: NONE
Summary
An improper access control (IDOR) vulnerability in the /api-selfportal/get-info-token-properties endpoint in MFASOFT Secure Authentication Server (SAS) 1.8.x through 1.9.x before 1.9.040924 allows remote attackers to gain access to user tokens without authentication. The attack is a brute force of the serial parameter by numeric identifier: GA00001, GA00002, GA00003, etc.
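A detection sketch for the enumeration pattern described above, added here as an example and not taken from the vendor or the advisory. It assumes combined-format access logs in which the serial parameter appears in the query string; the log layout, thresholds and sample lines are assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

ENDPOINT = "/api-selfportal/get-info-token-properties"
# Assumption: combined log format, with `serial` passed in the query string.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) ')
SERIAL_RE = re.compile(r"^([A-Za-z]+)(\d+)$")

def serials_by_client(lines):
    """Map client address -> set of distinct serials requested on the endpoint."""
    seen = defaultdict(set)
    for line in lines:
        m = LINE_RE.match(line)
        url = urlsplit(m.group(2)) if m else None
        if url and url.path == ENDPOINT:
            seen[m.group(1)].update(parse_qs(url.query).get("serial", []))
    return seen

def longest_run(serials):
    """Longest run of consecutive numeric suffixes sharing one prefix (GA00001, GA00002, ...)."""
    nums = defaultdict(set)
    for s in serials:
        m = SERIAL_RE.match(s)
        if m:
            nums[m.group(1).upper()].add(int(m.group(2)))
    best = 0
    for values in nums.values():
        for v in values:
            if v - 1 not in values:  # v is the start of a run
                n = 1
                while v + n in values:
                    n += 1
                best = max(best, n)
    return best

def flag_enumeration(lines, min_distinct=5, min_run=3):
    """Flag clients that query many distinct serials or walk them sequentially."""
    flagged = {}
    for client, serials in serials_by_client(lines).items():
        run = longest_run(serials)
        if len(serials) >= min_distinct or run >= min_run:
            flagged[client] = {"distinct": len(serials), "run": run}
    return flagged

# Constructed sample lines (documentation IP ranges), not real traffic.
_FMT = '{} - - [04/Sep/2024:10:00:00 +0000] "GET {}?serial={} HTTP/1.1" 200 512'
SAMPLE_LOG = [_FMT.format("203.0.113.7", ENDPOINT, f"GA{i:05d}") for i in range(1, 5)]
SAMPLE_LOG += [_FMT.format("198.51.100.20", ENDPOINT, "GA00417")] * 2
```

A self-service portal user normally looks up only their own token, so the thresholds can stay low; tune them to the deployment's real traffic.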
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |