artemy-ccrsky

3 exploits Active since Jul 2024
CVE-2024-39211 NOMISEC MEDIUM WORKING POC
Kaiten 57.128.8 - User Account Enumeration via Login Response Discrepancy
Kaiten 57.128.8 allows remote attackers to enumerate user accounts via a crafted POST request, because a login response contains a user_email field only if the user account exists.
7 stars
CVSS 5.3
CVE-2024-41276 NOMISEC CRITICAL WORKING POC
Kaiten <= 57.131.12 - Unauthenticated Brute Force Attack via PIN Code Bypass
A vulnerability in Kaiten version 57.131.12 and earlier allows attackers to bypass the PIN code authentication mechanism. The application requires users to input a 6-digit PIN code sent to their email for authorization after entering their login credentials. However, the request limiting mechanism can be easily bypassed, enabling attackers to perform a brute force attack to guess the correct PIN and gain unauthorized access to the application.
4 stars
CVSS 9.8
CVE-2024-39211 WRITEUP MEDIUM SCANNER
Kaiten 57.128.8 - User Account Enumeration via Login Response Discrepancy
Kaiten 57.128.8 allows remote attackers to enumerate user accounts via a crafted POST request, because a login response contains a user_email field only if the user account exists.
CVSS 5.3