COOEY // HUBcompliance · community · intelligence

Exposures › CVE-2023-24080

CVE-2023-24080

Severity
critical
Source
NVD · cve
Published
2023-02-21
CVSS
9.8
Reference
https://nvd.nist.gov/vuln/detail/CVE-2023-24080
shame 35/100

A lack of rate limiting on the password reset endpoint of Chamberlain myQ v5.222.0.32277 (on iOS) allows attackers to compromise user accounts via a bruteforce attack.

Players implicated

chamberlain · vendormyq · product

Description

A lack of rate limiting on the password reset endpoint of Chamberlain myQ v5.222.0.32277 (on iOS) allows attackers to compromise user accounts via a bruteforce attack.

Affected FedRAMP products 0 in the catalog

No correlated FedRAMP products.