CVE-2020-24655 — MEDIUM (5.1)

Vulnerability Description

A race condition in the Twilio Authy 2-Factor Authentication application before 24.3.7 for Android allows a user to potentially approve/deny an access request prior to unlocking the application with a PIN on older Android devices (effectively bypassing the PIN requirement).

CVSS Score

5.1

MEDIUM

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Twilio	Authy 2-Factor Authentication	24.3.7

Related Weaknesses (CWE)

CWE-362

References

https://www.twilio.com/changelogVendor Advisory
https://www.twilio.com/changelogVendor Advisory

FAQ

What is CVE-2020-24655?

CVE-2020-24655 is a vulnerability with a CVSS score of 5.1 (MEDIUM). A race condition in the Twilio Authy 2-Factor Authentication application before 24.3.7 for Android allows a user to potentially approve/deny an access request prior to unlocking the application with a...

How severe is CVE-2020-24655?

CVE-2020-24655 has been rated MEDIUM with a CVSS base score of 5.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-24655?

Check the references section above for vendor advisories and patch information. Affected products include: Twilio Authy 2-Factor Authentication.