Vulnerabilities > Mfasoft

DATE CVE VULNERABILITY TITLE RISK
2024-09-16 CVE-2024-46937 Authorization Bypass Through User-Controlled Key vulnerability in Mfasoft Secure Authentication Server
An improper access control (IDOR) vulnerability in the /api-selfportal/get-info-token-properties endpoint in MFASOFT Secure Authentication Server (SAS) 1.8.x through 1.9.x before 1.9.040924 allows remote attackers gain access to user tokens without authentication.
network
low complexity
mfasoft CWE-639
7.5