Excessive Authentication Vulnerability in Excitel Broadband Private my Excitel App for Android
CVE-2025-1629
5.1 MEDIUM
Key Information:
- Vendor
- Excitel Broadband Private
- Status
- My Excitel App
- Vendor
- CVE Published: 24 February 2025
Summary
A vulnerability has been identified in the my Excitel App version 3.13.0 for Android, specifically within the One-Time Password (OTP) Handler component. The component improperly restricts excessive authentication attempts, which allows attackers to manipulate the authentication process. As a result, it poses a risk of brute force attacks and unauthorized access. The vendor, Excitel Broadband Private Ltd., was made aware of this issue; however, no response was received regarding the security disclosure. Secure your applications and be aware of potential threats from this vulnerability.
Affected Version(s)
my Excitel App 3.13.0
CVSS V4
Score: 5.1
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: None
Attack Vector: Adjacent Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None
Timeline
Vulnerability published
Vulnerability Reserved
Credit
alokkumar0200 (VulDB User)