CVE-2022-34772

MEDIUM

Tabit - Password Enumeration

Title source: llm

Description

Tabit - password enumeration. Description: Tabit - password enumeration. The passwords for the Tabit system is a 4 digit OTP. One can resend OTP and try logging in indefinitely. Once again, this is an example of OWASP: API4 - Rate limiting.

References (1)

[Third Party Advisory] https://www.gov.il/en/departments/faq/cve_advisories

Scores

CVSS v3 4.3

EPSS 0.0026

EPSS Percentile 49.4%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

Details

CWE

CWE-521

Status published

Products (1)

tabit/tabit < 3.27.0

Published Aug 22, 2022

Tracked Since Feb 18, 2026