| शीर्षक | CodeWise Technologies, Tornet Scooter (Mobile APP) 4.75 Improper Restriction of Excessive Authentication Attempts (CWE-3 |
|---|
| विवरण | The two-factor authentication endpoint (/TwoFactor) does not implement rate limiting or account lockout mechanisms. An attacker who obtains a victim's phone number can brute-force the 4-digit OTP (10,000 possible combinations) via concurrent requests, gaining unauthorized access to the victim's account. The vulnerability was reported to the vendor on 2025-10-24 with no response received. |
|---|
| स्रोत | ⚠️ https://drive.proton.me/urls/M0WFM4137W#MY0jA6pjHYPO |
|---|
| उपयोगकर्ता | caginkyr (UID 96143) |
|---|
| सबमिशन | 08/04/2026 02:44 PM (2 महीनों पहले) |
|---|
| संयम | 02/05/2026 10:14 AM (24 days later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 360819 [CodeWise Tornet Scooter Mobile App 4.75 पर iOS/Android /TwoFactor सूचना का प्रकटीकरण] |
|---|
| अंक | 19 |
|---|