Authentication Bypass Vulnerability in CGFIDO from Changing Information Technology
CVE-2024-12838

8.8HIGH

Key Information:

Vendor: Changing Information Technology
Status: Cgfido
Vendor: CVE Published:; 31 December 2024

🔔 Create Changing Information Technology Vulnerability Alert

What is CVE-2024-12838?

The passwordless login mechanism in CGFIDO from Changing Information Technology has a significant flaw that permits an Authentication Bypass. This vulnerability enables remote attackers to strategically craft requests that can allow them to impersonate any user within the system, including users with administrative privileges. The implications of this vulnerability can undermine the overall integrity and security of user accounts, making it critical for organizations utilizing this product to address the flaw promptly to safeguard user data and system access.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

CGFIDO 0.0.1 < 1.1.0

References

https://www.twcert.org.tw/tw/cp-132-8332-2100f-1.html

third-party-advisory

https://www.twcert.org.tw/en/cp-139-8333-32cf8-2.html

third-party-advisory

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 31, 2024

JSON

Changing Information Technology

What is CVE-2024-12838?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.