Brute Force Vulnerability in KioWare for Windows Allows Unauthorized Access
CVE-2024-3461

5.5MEDIUM

Key Information:

Vendor

Kioware

Status
Kioware
Vendor
CVE Published:
14 May 2024

What is CVE-2024-3461?

A security vulnerability exists in KioWare for Windows that allows attackers to perform brute force attacks against the PIN that secures the application. This weakness arises from the lack of protective mechanisms that would limit the number of incorrect attempts a user can make when guessing the PIN. As a result, unauthorized users could potentially gain access to the application by systematically trying various PIN combinations. Users and administrators of KioWare for Windows should consider implementing additional security measures to mitigate the risk associated with this vulnerability.

Affected Version(s)

Kioware Windows 0 <= 8.35

References

https://cert.pl/posts/2024/04/CVE-2024-3459
third-party-advisory
https://cert.pl/en/posts/2024/04/CVE-2024-3459
third-party-advisory
https://www.kioware.com/
product

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Maksymilian Kubiak [Afine Team]
.