CVE-2023-33291
CVSS 3.1 Score 7.4 of 10 (high)
Details
Summary
CVE-2023-33291 is a vulnerability in ebankIT 6 that allows One-Time Password (OTP) messages to be generated through its public endpoints /public/token/Email/generate and /public/token/SMS/generate. The issue does not allow unauthorized access to registered email addresses or phone numbers; instead, it permits the creation of OTPs for any unregistered email address or phone number. Attackers could potentially exploit this weakness to gain access to user accounts, leading to financial losses or data breaches. ebankIT users should apply the necessary patches as soon as possible to mitigate this risk.
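While patching is scheduled, web access logs can show which clients are calling the two public OTP endpoints unusually often. The following is an added example, not code from the advisory or from ebankIT; it assumes logs in Common/Combined Log Format in chronological order, and the threshold, window and sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# The two public endpoints named in the advisory, compared case-insensitively
# because some servers route paths that way.
OTP_PATHS = {"/public/token/email/generate", "/public/token/sms/generate"}

# Assumption: Common/Combined Log Format, e.g.
# 203.0.113.7 - - [12/Jun/2023:10:00:01 +0000] "POST /path HTTP/1.1" 200 52
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "[A-Z]+ (?P<path>\S+)')

def parse(line):
    """Return (client_ip, timestamp) for OTP-generation requests, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None  # malformed or unrelated line
    path = m["path"].split("?", 1)[0].rstrip("/").lower()
    if path not in OTP_PATHS:
        return None
    return m["ip"], datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")

def flag_otp_bursts(lines, max_requests=3, window=timedelta(minutes=5)):
    """Map each client IP that exceeded max_requests within window to its peak count."""
    recent = defaultdict(deque)  # ip -> timestamps still inside the window
    flagged = {}
    for rec in filter(None, map(parse, lines)):
        ip, ts = rec
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:  # drop requests older than the window
            q.popleft()
        if len(q) > max_requests:
            flagged[ip] = max(flagged.get(ip, 0), len(q))
    return flagged

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Jun/2023:10:00:01 +0000] "POST /public/token/Email/generate HTTP/1.1" 200 52',
    '203.0.113.7 - - [12/Jun/2023:10:00:20 +0000] "POST /public/token/SMS/generate HTTP/1.1" 200 52',
    '198.51.100.20 - - [12/Jun/2023:10:00:31 +0000] "POST /public/token/Email/generate HTTP/1.1" 200 52',
    '203.0.113.7 - - [12/Jun/2023:10:00:45 +0000] "POST /public/token/Email/generate HTTP/1.1" 200 52',
    '203.0.113.7 - - [12/Jun/2023:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 1043',
    '203.0.113.7 - - [12/Jun/2023:10:01:10 +0000] "POST /public/token/SMS/generate HTTP/1.1" 200 52',
    '203.0.113.7 - - [12/Jun/2023:10:01:30 +0000] "POST /public/token/Email/generate?x=1 HTTP/1.1" 200 52',
    'not a log line',
]

if __name__ == "__main__":
    print(flag_otp_bursts(SAMPLE_LOG))
```

Because the recipient address travels in the request body, access logs alone only reveal request volume per client; correlating with application logs would be needed to see which addresses received OTPs.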