Security Advisories

CVE-2024-XXXX (Not yet assigned by MITRE) · Jan 13, 2025

Password Authentication MFA Bypass in Hosted AuthKit

This vulnerability applies only to users of Hosted AuthKit with password authentication and multi-factor authentication (MFA) enabled. If an attacker had obtained the user's password, they could have bypassed the MFA process by enrolling a new authentication factor. However, this vulnerability was never exploited and has since been remediated. No further action is required.

Severity: High
Affected product: Hosted AuthKit
Fixed on: January 7, 2025
Reported by: Geoff Zhang (CyberRisk)
