CVE-2024-45404

CVSS 3.1 Score 8.1 of 10 (high)

Details

Published Dec 12, 2024
CWE ID 287

Summary

CVE-2024-45404 is a vulnerability affecting OpenCTI, an open-source cyber threat intelligence platform. In versions prior to 6.2.18, the platform does not rate-limit One-Time Password (OTP) attempts during the login process. This lack of rate limiting allows an attacker who already holds valid credentials, or a malicious insider, to bypass two-factor authentication and potentially hijack user accounts. The otpLogin mutation is the specific component that does not implement OTP rate limiting, and it is currently unknown if a patch is available to address this issue.

