Authentication Bypass in CGFIDO from Changing Information Technology
CVE-2024-12839
8.8HIGH
Key Information:
- Status
- Vendor
- CVE Published:
- 31 December 2024
What is CVE-2024-12839?
The CGFIDO product from Changing Information Technology has a vulnerability in its device authentication mechanism that allows an unauthenticated remote attacker to bypass authentication. This occurs when a user visits a malicious website, which prompts the agent program on their device to transmit an authentication signature. If an attacker acquires this signature, they can gain unauthorized access to the system utilizing any device, posing serious risks to user security and data integrity.
Affected Version(s)
CGFIDO 0 < 1.2.1