CVE-2024-47768 — HIGH (8.1)

Q: How severe is CVE-2024-47768?

CVE-2024-47768 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2024-47768?

Check the references section above for vendor advisories and patch information. Affected products include: Lifplatforms Lif Authentication Server.

Vulnerability Description

Lif Authentication Server is a server used by Lif to do various tasks regarding Lif accounts. This vulnerability has to do with the account recovery system where there does not appear to be a check to make sure the user has been sent the recovery email and entered the correct code. If the attacker knew the email of the target, they could supply the email and immediately prompt the server to update the password without ever needing the code. This issue has been patched in version 1.7.3.

CVSS Score

8.1

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Lifplatforms	Lif Authentication Server	< 1.7.3

Related Weaknesses (CWE)

CWE-287 CWE-862

References

FAQ

What is CVE-2024-47768?

CVE-2024-47768 is a vulnerability with a CVSS score of 8.1 (HIGH). Lif Authentication Server is a server used by Lif to do various tasks regarding Lif accounts. This vulnerability has to do with the account recovery system where there does not appear to be a check to...

How severe is CVE-2024-47768?

CVE-2024-47768 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-47768?

Check the references section above for vendor advisories and patch information. Affected products include: Lifplatforms Lif Authentication Server.