CVE-2023-49949
CVSS 3.1 Score 8.1 of 10 (high)
Details
Published Dec 26, 2023
Updated: Jan 4, 2024
CWE ID 863
Summary
CVE-2023-49949 is a vulnerability affecting Password Manager version 6.2.0 and below. It permits authenticated attackers to bypass Two-Factor Authentication (2FA) by brute force: by sending all one million possible 6-digit codes, an attacker can successfully authenticate, compromising the user's account security. The weakness exposes sensitive data to unauthorized access, so users should update their Password Manager software as soon as possible.
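The summary above describes a 6-digit code check that can be retried until it succeeds. As an added illustration (not the vendor's code or its actual fix), the sketch below shows a generic mitigation for this class of weakness: a per-account failure cap with lockout, which bounds the chance of guessing a code. The names `OtpGate`, `MAX_FAILURES`, `LOCKOUT_SECONDS` and the sample account and code are assumptions made for the example.

```python
import hmac
import time

MAX_FAILURES = 5          # assumed policy: failures allowed before lockout
LOCKOUT_SECONDS = 900     # assumed policy: lock duration once the cap is hit


class OtpGate:
    """Wraps a 2FA code check with a per-account failure cap and lockout."""

    def __init__(self, expected_code_for, clock=time.monotonic):
        self._expected = expected_code_for   # callable: account -> current code
        self._clock = clock
        self._failures = {}                  # account -> failure count
        self._locked_until = {}              # account -> unlock time

    def verify(self, account, submitted):
        now = self._clock()
        if self._locked_until.get(account, 0) > now:
            return "locked"                  # rejected without checking the code
        if account in self._locked_until:    # lock expired: start a new window
            del self._locked_until[account]
            self._failures.pop(account, None)
        # Constant-time comparison avoids leaking matching prefixes via timing.
        if hmac.compare_digest(submitted.encode(), self._expected(account).encode()):
            self._failures.pop(account, None)
            return "ok"
        count = self._failures.get(account, 0) + 1
        self._failures[account] = count
        if count >= MAX_FAILURES:
            self._locked_until[account] = now + LOCKOUT_SECONDS
        return "denied"


def guess_success_bound(attempts_allowed, code_space=10**6):
    """Upper bound on guessing a uniformly random code within the cap."""
    return attempts_allowed / code_space


def demo():
    """Constructed scenario: five wrong codes, then the right one arrives too late."""
    t = [0.0]
    gate = OtpGate(lambda account: "493817", clock=lambda: t[0])
    results = [gate.verify("alice", f"{n:06d}") for n in range(MAX_FAILURES)]
    results.append(gate.verify("alice", "493817"))   # correct, but account is locked
    t[0] += LOCKOUT_SECONDS + 1
    results.append(gate.verify("alice", "493817"))   # lock expired
    return results
```

The counter is keyed to the account rather than to a session or source address, so opening a new session does not reset it.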