- Description
- The login mechanism via device authentication of CGFIDO from Changing Information Technology has an Authentication Bypass vulnerability. If a user visits a forged website, the agent program deployed on their device will send an authentication signature to the website. An unauthenticated remote attacker who obtains this signature can use it to log into the system with any device.
- Source
- twcert@cert.org.tw
- NVD status
- Received
CVSS 3.1
- Type
- Primary
- Base score
- 8.8
- Impact score
- 5.9
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
- Severity
- HIGH
- twcert@cert.org.tw
- CWE-294
- Hype score
- Not currently trending
CVE-2024-12839 (CVSS:8.8, HIGH) is Awaiting Analysis. The login mechanism via device authentication of CGFIDO from Changing Information Technology has an Authentication Bypas..https://t.co/F3xO9R489X #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre
@cracbot
5 Jan 2025
25 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-12839 The login mechanism via device authentication of CGFIDO from Changing Information Technology has an Authentication Bypass vulnerability. If a user visits a forged web… https://t.co/UARppnUdhG
@CVEnew
31 Dec 2024
527 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-12839 Authentication Bypass Vulnerability in CGFIDO Device Authentication System CGFIDO's device authentication login system from Changing Information Technology has an Authentication Bypass vulnerabilit... https://t.co/wqke23fot4
@VulmonFeeds
31 Dec 2024
81 Impressions
1 Retweet
2 Likes
1 Bookmark
0 Replies
0 Quotes
[CVE-2024-12839: HIGH] CGFIDO device authentication from Changing IT is vulnerable to Authentication Bypass, allowing remote attackers to access the system using stolen signatures. #CyberSecurity#cybersecurity,#vulnerability https://t.co/iZcLDYaP2z https://t.co/36NkSROIT0
@CveFindCom
31 Dec 2024
38 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes