aiM-Star 2.0.1 Vulnerability: OTP Bombing/Flooding via Missing Rate Limiting
CVE-2024-45788

7.5HIGH

Key Information:

Vendor: Reedos Software Solutions
Status: Mutual Fund Distribution Product (aim-star)
Vendor: CVE Published:; 11 September 2024

🔔 Create Reedos Software Solutions Vulnerability Alert

What is CVE-2024-45788?

The vulnerability in Reedos aiM-Star version 2.0.1 stems from inadequate rate limiting on one-time password (OTP) requests at specific API endpoints. This oversight allows an authenticated remote attacker to flood the targeted system with multiple OTP requests, a scenario often referred to as OTP bombing. The potential for such exploitation poses risks, as it could disrupt service and impact user access. Organizations using this version of aiM-Star should assess their configurations and implement appropriate measures to mitigate the risks associated with this vulnerability.

Affected Version(s)

Mutual Fund Distribution Product (aiM-Star) 2.0.1

References

https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOT...

third-party-advisory

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 11, 2024
Vulnerability Reserved
Sep 9, 2024

Credit

This vulnerability is reported by Mohit Gadiya.