Отправить #592074: Tenda TDSEE mobile application 1.7.12 Authorization BypassИнформация

НазваниеTenda TDSEE mobile application 1.7.12 Authorization Bypass
ОписаниеIn the TDSEE app, I found there was no rate limit in the confirmation code requests in the password reset functionality, resulting in account takeover. Knowing the victim’s email, the attacker could change the account password by going through the 6-digit password reset confirmation code. In the application version 1.7.15, the vendor released a patch, setting a limit on the number of requests per second. Sources: https://blog.kevgen.ru/posts/account_takeover_in_tdsee_app/ https://github.com/k3vg3n/researches/blob/main/Account_takeover_in_TDSEE_app.md
Источник⚠️ https://blog.kevgen.ru/posts/account_takeover_in_tdsee_app/
Пользователь
 k3vg3n (UID 86142)
Представление06.06.2025 19:44 (11 месяцы назад)
Модерация08.06.2025 15:30 (2 days later)
Статуспринято
Запись VulDB311623 [Tenda TDSEE App до 1.7.12 Password Reset Confirmation Code /app/ConfirmSmsCode раскрытие информации]
Баллы20

ПредыдущийОбзорДалее

Do you want to use VulDB in your project?

Use the official API to access entries easily!