CVE-2024-12839 – Changing Information Technology CGFIDO Session Hijacking Vulnerability

12月 31, 2024
3:16 am

CVE ID : CVE-2024-12839

Published : Dec. 31, 2024, 2:15 a.m. | 1 hour, 1 minute ago

Description : The login mechanism via device authentication of CGFIDO from Changing Information Technology has an Authentication Bypass vulnerability. If a user visits a forged website, the agent program deployed on their device will send an authentication signature to the website. An unauthenticated remote attacker who obtains this signature can use it to log into the system with any device.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2024-12839 – Changing Information Technology CGFIDO Session Hijacking Vulnerability

Elvescore.io

Recent Posts

CVE-2024-43077 – Apache Device Manager Out-of-Bounds Write Vulnerability

CVE-2024-43097 – Synthes CAD Elevation of Privilege

CVE-2024-43762 – “Apache Service Privilege Escalation”

CVE-2024-43764 – Android: Lock Screen Partial Bypass Local Privilege Escalation

CVE-2024-43767 – Adobe Photoshop SkBlurMaskFilter Heap Overflow Vulnerability

CVE-2024-43768 – Skia SkDeflate Out-of-Bounds Write Vulnerability

CVE-2024-12839 – Changing Information Technology CGFIDO Session Hijacking Vulnerability

CVE-2024-12839 – Changing Information Technology CGFIDO Session Hijacking Vulnerability