Excessive MFA TOTP Submission Brute Force Vulnerability in PlexTrac Platform

Excessive MFA TOTP Submission Brute Force Vulnerability in PlexTrac Platform

CVE-2022-37144 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

The PlexTrac platform prior to API version 1.17.0 does not restrict excessive MFA TOTP submission attempts. An unauthenticated remote attacker in possession of a valid username and password can bruteforce their way past MFA protections to login as the targeted user.

Learn more about our Api Penetration Testing.