CVE-2024-41276

EIP tracks 1 public exploit for CVE-2024-41276. PoCs published by artemy-ccrsky.

AI-analyzed exploit summary This repository contains a functional exploit script for CVE-2024-41276, which bypasses authentication in Kaiten by brute-forcing a 6-digit PIN code. The exploit leverages the X-Forwarded-For header to bypass rate limits and automates the process of requesting and guessing PINs within the 5-minute expiration window.

A vulnerability in Kaiten version 57.131.12 and earlier allows attackers to bypass the PIN code authentication mechanism. The application requires users to input a 6-digit PIN code sent to their email for authorization after entering their login credentials. However, the request limiting mechanism can be easily bypassed, enabling attackers to perform a brute force attack to guess the correct PIN and gain unauthorized access to the application.