Home > Vulnerability Database > CVE-2024-47768

Mend.io Vulnerability Database

CVE-2024-47768

Date: October 4, 2024

Lif Authentication Server is a server used by Lif to do various tasks regarding Lif accounts. This vulnerability has to do with the account recovery system where there does not appear to be a check to make sure the user has been sent the recovery email and entered the correct code. If the attacker knew the email of the target, they could supply the email and immediately prompt the server to update the password without ever needing the code. This issue has been patched in version 1.7.3.

Language: Python

Severity Score

8.1

Related Resources (4)

Url: https://github.com/Lif-Platforms/Lif-Auth-Server/commit/8dbd7cad914a8b939451c652bfb716aa796f754e

Url: https://github.com/Lif-Platforms/Lif-Auth-Server/security/advisories/GHSA-hmv6-8fg8-7m6f

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-47768

Url: https://www.mend.io/vulnerability-database/CVE-2024-47768

Severity Score

8.1

Weakness Type (CWE)

Improper Authentication

CWE-287

Missing Authorization

CWE-862

CVSS v3.1

Base Score:	8.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2024-47768

Date: October 4, 2024

Language: Python

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?