OpenCTI's lack of Rate Limit lead to OTP brute forcing
CVE-2024-45404

8.1HIGH

Key Information:

Vendor: Opencti-platform
Status: Opencti
Vendor: CVE Published:; 12 December 2024

🔔 Create Opencti-platform Vulnerability Alert

What is CVE-2024-45404?

The OpenCTI platform, an open-source tool for cyber threat intelligence, contains a vulnerability affecting versions prior to 6.2.18, where the absence of rate limiting on One Time Password (OTP) requests allows attackers with valid credentials to bypass two-factor authentication mechanisms. Internal threats are also a risk, as malicious users can exploit this flaw to gain unauthorized access to accounts. Without a patch currently available, the security of OpenCTI installations relying on these older versions is at risk.

Affected Version(s)

opencti < 6.2.8

References

https://github.com/OpenCTI-Platform/opencti/security/advi...

x_refsource_CONFIRM

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 12, 2024

CVE-2024-45404 Data

JSON