CVE-2024-11022

CVSS 3.1 Score 5.6 of 10 (medium)

Details

Published Dec 6, 2024
CWE ID 323

Summary

CVE-2024-11022 is a vulnerability affecting the authentication process of a web server. Instead of using a unique challenge for each login attempt, the server reuses the same challenge multiple times. Because the challenge does not change, an attacker who intercepts a valid challenge-response pair can replay it to gain unauthorized access. This weakness could lead to serious security consequences, including unauthorized account access and potential data breaches. It is recommended that affected organizations update their web server configurations to use unique challenges or implement other security measures to mitigate this risk.
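The following is an added illustration of the weakness class and its fix, not code from the advisory or from the affected product. It sets a server that reuses one challenge beside one that issues a fresh, single-use challenge per attempt. The HMAC-SHA256 response function, the class names, the 30-second lifetime and the sample secret are assumptions, since the advisory does not describe the server's actual scheme.

```python
import hashlib
import hmac
import secrets
import time

# Constructed sample secret; HMAC-SHA256 as the response function is an assumption.
SHARED_SECRET = b"constructed-sample-secret"


def client_response(secret: bytes, challenge: bytes) -> bytes:
    return hmac.new(secret, challenge, hashlib.sha256).digest()


class ReusedChallengeServer:
    """Weak pattern (CWE-323): one challenge serves every login attempt."""

    def __init__(self, secret: bytes):
        self.secret = secret
        self.challenge = secrets.token_bytes(16)

    def issue(self) -> bytes:
        return self.challenge

    def verify(self, challenge: bytes, response: bytes) -> bool:
        expected = client_response(self.secret, challenge)
        return challenge == self.challenge and hmac.compare_digest(expected, response)


class SingleUseChallengeServer:
    """Hardened pattern: fresh random challenge per attempt, consumed on first use."""

    def __init__(self, secret: bytes, ttl_seconds: float = 30.0):
        self.secret = secret
        self.ttl = ttl_seconds
        self.pending = {}  # challenge -> expiry time (monotonic clock)

    def issue(self) -> bytes:
        challenge = secrets.token_bytes(16)
        self.pending[challenge] = time.monotonic() + self.ttl
        return challenge

    def verify(self, challenge: bytes, response: bytes) -> bool:
        # pop() consumes the challenge even on failure, so no pair is checked twice.
        expiry = self.pending.pop(challenge, None)
        if expiry is None or time.monotonic() > expiry:
            return False
        expected = client_response(self.secret, challenge)
        return hmac.compare_digest(expected, response)
```

In a multi-process deployment the pending-challenge table would need to live in shared storage so that a challenge consumed on one worker is also gone on the others.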
