Unlimited Attempts Vulnerability in Hozard Alarm System v1.0 Allows Brute Force Attack on SMS Authentication

Unlimited Attempts Vulnerability in Hozard Alarm System v1.0 Allows Brute Force Attack on SMS Authentication

CVE-2023-50123 · HIGH Severity

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

The number of attempts to bring the Hozard Alarm system (alarmsystemen) v1.0 to a disarmed state is not limited. This could allow an attacker to perform a brute force on the SMS authentication, to bring the alarm system to a disarmed state.

Learn more about our Web Application Penetration Testing UK.