CVE-2024-36250
09.11.2024, 18:15
Mattermost versions 9.11.x <= 9.11.2 and 9.5.x <= 9.5.10 fail to protect the MFA code against replay attacks, which allows an attacker to reuse the MFA code within ~30 seconds.
Vendor | Product | Version
---|---|---
mattermost | mattermost_server | 9.5.0 ≤ x < 9.5.11
mattermost | mattermost_server | 9.11.0 ≤ x < 9.11.3

x = vulnerable software versions
Common Weakness Enumeration
- CWE-303 - Incorrect Implementation of Authentication Algorithm: The requirements for the software dictate the use of an established authentication algorithm, but the implementation of the algorithm is incorrect.
- CWE-294 - Authentication Bypass by Capture-replay: A capture-replay flaw exists when the design of the software makes it possible for a malicious user to sniff network traffic and bypass authentication by replaying it to the server in question to the same effect as the original message (or with minor changes).
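The mitigation for the weakness above is to remember, per user, the last TOTP time step whose code was accepted and refuse any code for that step (or an older one) afterwards. The following is an added illustration written for this page, not Mattermost's code: `verifyNoReplay` shows the flawed pattern (a correct code is accepted every time it is presented during its ~30 s step), and `Verifier.Verify` the hardened one. The TOTP routine follows RFC 6238 with HMAC-SHA1 and a 30 s step; the user name and secret are constructed sample values.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha1"
	"crypto/subtle"
	"encoding/binary"
	"fmt"
	"sync"
)

const step = 30 // TOTP time step in seconds (RFC 6238 default)

// totpCode computes a 6-digit RFC 6238 code (HMAC-SHA1, RFC 4226 dynamic
// truncation) for a raw shared secret and a time-step counter.
func totpCode(secret []byte, counter uint64) string {
	var msg [8]byte
	binary.BigEndian.PutUint64(msg[:], counter)
	mac := hmac.New(sha1.New, secret)
	mac.Write(msg[:])
	sum := mac.Sum(nil)
	off := sum[len(sum)-1] & 0x0f
	bin := binary.BigEndian.Uint32(sum[off:off+4]) & 0x7fffffff
	return fmt.Sprintf("%06d", bin%1000000)
}

// verifyNoReplay is the flawed pattern: a code that matches the current step
// is accepted no matter how many times it has already been used.
func verifyNoReplay(secret []byte, code string, now int64) bool {
	want := totpCode(secret, uint64(now/step))
	return subtle.ConstantTimeCompare([]byte(want), []byte(code)) == 1
}

// Verifier remembers, per user, the last time step whose code was accepted,
// so a captured code cannot be replayed within its validity window.
type Verifier struct {
	mu       sync.Mutex
	lastUsed map[string]uint64 // user -> last accepted counter
}

func NewVerifier() *Verifier { return &Verifier{lastUsed: map[string]uint64{}} }

// Verify accepts the code only if it matches the current step and that step
// is newer than the last step already consumed for this user.
func (v *Verifier) Verify(user string, secret []byte, code string, now int64) bool {
	counter := uint64(now / step)
	if subtle.ConstantTimeCompare([]byte(totpCode(secret, counter)), []byte(code)) != 1 {
		return false
	}
	v.mu.Lock()
	defer v.mu.Unlock()
	if last, ok := v.lastUsed[user]; ok && counter <= last {
		return false // this step's code was already used: replay
	}
	v.lastUsed[user] = counter
	return true
}
```

The replay marker must live in shared, persistent storage (the user record or a database row) rather than process memory when several server nodes verify logins.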
References