A lack of rate limiting on the password reset endpoint of Chamberlain myQ v5.222.0.32277 (on iOS) allows attackers to compromise user accounts via a bruteforce attack.
References
Configurations
History
27 Mar 2023, 14:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
21 Mar 2023, 16:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
03 Mar 2023, 14:59
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-307 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
CPE | cpe:2.3:a:chamberlain:myq:5.222.0.32277:*:*:*:*:iphone_os:*:* | |
References | (MISC) https://partner-identity.myq-cloud.com/api/Account/EmailValidation - Broken Link | |
References | (MISC) https://brackish.io/chamberlain-myq-account-takeover/ - Exploit, Third Party Advisory | |
References | (MISC) https://brackishllc-my.sharepoint.com/:u:/g/personal/matt_brackish_io/EVIBVQz86jBLsLmGbaj64ecBNv-XY51u8-Boeoj4DMGRhw?e=XRcx72 - Broken Link | |
References | (MISC) http://chamberlain.com - Product |
22 Feb 2023, 14:03
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-02-21 23:15
Updated : 2024-02-04 23:14
NVD link : CVE-2023-24080
Mitre link : CVE-2023-24080
CVE.ORG link : CVE-2023-24080
JSON object : View
Products Affected
chamberlain
- myq
CWE
CWE-307
Improper Restriction of Excessive Authentication Attempts