CVE-2024-41276
CVSS 3.1 Score 9.8 of 10 (high)
Details
Published Oct 1, 2024
Updated: Oct 4, 2024
CWE ID 307
Summary
CVE-2024-41276 is a newly disclosed vulnerability affecting Kaiten version 57.131.12 and earlier. The flaw enables attackers to bypass the PIN code authentication mechanism, which requires users to enter a 6-digit code sent to their email for authorization. Despite this security measure, the request limiting mechanism can be circumvented, permitting attackers to execute brute force attacks and ultimately guess the correct PIN code, granting unauthorized access to the application.
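The page does not say how the request limit is circumvented, so the following added example (not Kaiten's code or its fix) shows only the general CWE-307 mitigation: failed attempts are counted server-side per account and per issued PIN, and the PIN is burned once the cap is reached. The class name, method names and the three policy constants are assumptions chosen for illustration.

```python
import hmac
import secrets
import time

MAX_ATTEMPTS = 5   # assumed policy: wrong guesses allowed per issued PIN
PIN_TTL = 600      # assumed policy: PIN lifetime in seconds
MIN_REISSUE = 60   # assumed policy: minimum seconds between PINs per account


class PinVerifier:
    """Attempt limiting keyed on the account, never on client-supplied data
    such as IP address, headers, cookies or session identifiers."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._state = {}  # account -> [pin, expires_at, failures, issued_at]

    def issue(self, account):
        """Create a fresh 6-digit PIN; return None if reissue is throttled."""
        now = self._clock()
        old = self._state.get(account)
        if old and now - old[3] < MIN_REISSUE:
            return None  # requesting a new PIN must not reset the counter
        pin = f"{secrets.randbelow(10**6):06d}"
        self._state[account] = [pin, now + PIN_TTL, 0, now]
        return pin  # the caller e-mails this to the user

    def verify(self, account, guess):
        """Accept the right PIN once; reject everything after MAX_ATTEMPTS."""
        entry = self._state.get(account)
        if entry is None:
            return False
        pin, expires_at, failures, _ = entry
        if self._clock() >= expires_at or failures >= MAX_ATTEMPTS:
            return False  # expired or locked: even the correct PIN fails
        if hmac.compare_digest(pin.encode(), guess.encode()):
            del self._state[account]  # single use
            return True
        entry[2] += 1  # count the failure against this PIN
        return False
```

With these values a guesser gets at most 5 tries out of 1,000,000 possible codes per issued PIN, and at most one new PIN per minute per account.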