Submeter #799987: CodeWise Technologies, Tornet Scooter (Mobile APP) 4.75 Improper Restriction of Excessive Authentication Attempts (CWE-3informação

TítuloCodeWise Technologies, Tornet Scooter (Mobile APP) 4.75 Improper Restriction of Excessive Authentication Attempts (CWE-3
DescriçãoThe two-factor authentication endpoint (/TwoFactor) does not implement rate limiting or account lockout mechanisms. An attacker who obtains a victim's phone number can brute-force the 4-digit OTP (10,000 possible combinations) via concurrent requests, gaining unauthorized access to the victim's account. The vulnerability was reported to the vendor on 2025-10-24 with no response received.
Fonte⚠️ https://drive.proton.me/urls/M0WFM4137W#MY0jA6pjHYPO
Utilizador
 caginkyr (UID 96143)
Submissão08/04/2026 14h44 (há 2 meses)
Moderação02/05/2026 10h14 (24 days later)
EstadoAceite
Entrada VulDB360819 [CodeWise Tornet Scooter Mobile App 4.75 em iOS/Android /TwoFactor Divulgação de Informação]
Pontos19

VoltarVisão GeralPróximo

Do you want to use VulDB in your project?

Use the official API to access entries easily!