CVE-2022-37144

The PlexTrac platform prior to API version 1.17.0 does not restrict excessive MFA TOTP submission attempts. An unauthenticated remote attacker in possession of a valid username and password can bruteforce their way past MFA protections to login as the targeted user.
References
Link Resource
http://plextrac.com Product
https://www.controlgap.com/blog/a-plextrac-story Technical Description Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:plextrac:plextrac:*:*:*:*:*:*:*:*

Information

Published : 2022-09-08 01:15

Updated : 2022-09-13 01:29


NVD link : CVE-2022-37144

Mitre link : CVE-2022-37144

Products Affected
No products.
CWE
CWE-307

Improper Restriction of Excessive Authentication Attempts