Race Condition Vulnerability in Twilio Authy 2-Factor Authentication for Android
CVE-2020-24655

5.1MEDIUM

Key Information:

Vendor: Twilio
Status: Authy 2-factor Authentication
Vendor: CVE Published:; 10 September 2020

What is CVE-2020-24655?

A race condition in the Twilio Authy 2-Factor Authentication application for Android allows users with older devices to approve or deny access requests before unlocking the app with a PIN. This vulnerability can effectively bypass the expected security requirement of PIN entry, potentially exposing sensitive user data and compromising account security.

References

https://www.twilio.com/changelog

x_refsource_CONFIRM

CVSS V3.1

Score:

5.1

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 10, 2020
Vulnerability Reserved
Aug 26, 2020