Twilio Authy Information Disclosure Vulnerability

北京赛克艾威科技有限公司 2024-07-23

漏洞编号：CVE-2024-39891
漏洞等级：严重
漏洞标签：Twilio、Authy、在野利用
发布时间：2024-07-23

漏洞描述

Twilio Authy contains an information disclosure vulnerability in its API that allows an unauthenticated endpoint to accept a request containing a phone number and respond with information about whether the phone number was registered with Authy.

修复建议

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

参考链接

https://www.twilio.com/en-us/changelog/Security_Alert_Authy_App_Android_iOS

https://www.cisa.gov/known-exploited-vulnerabilities-catalog

Twilio Authy Information Disclosure Vulnerability

漏洞描述

修复建议

参考链接

联系方式

白帽社区

政企服务

信息安全服务

信息安全培训

关于我们