Authentication Bypass Vulnerability in CGFIDO from Changing Information Technology
CVE-2024-12838
8.8 HIGH
Key Information:
- Status
- Vendor
- CVE Published: 31 December 2024
What is CVE-2024-12838?
The passwordless login mechanism in CGFIDO from Changing Information Technology has an Authentication Bypass vulnerability. It allows remote attackers to craft requests that let them impersonate any user in the system, including users with administrative privileges. Because this undermines the integrity and security of user accounts, organizations using this product should address the flaw promptly to protect user data and system access.
Affected Version(s)
CGFIDO 0.0.1 < 1.1.0