Tabit System Vulnerability: Password Enumeration via OTP Resend

Tabit System Vulnerability: Password Enumeration via OTP Resend

CVE-2022-34772 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tabit - password enumeration. Description: Tabit - password enumeration. The passwords for the Tabit system is a 4 digit OTP. One can resend OTP and try logging in indefinitely. Once again, this is an example of OWASP: API4 - Rate limiting.

Learn more about our Api Penetration Testing.