CVE-2024-39891 - Twilio Authy Information Disclosure Vulnerability
CVE-2024-39891
Twilio | Authy
- Date Added:
- 2024-07-23
- Due Date:
- 2024-08-13
- Vulnerability Name
Twilio Authy Information Disclosure Vulnerability
- Description
Twilio Authy contains an information disclosure vulnerability in its API that allows an unauthenticated endpoint to accept a request containing a phone number and respond with information about whether the phone number was registered with Authy.
- Known To Be Used in Ransomware Campaigns?
Unknown
- Action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
- Additional Notes
- https://www.twilio.com/en-us/changelog/Security_Alert_Authy_App_Android_iOS; https://nvd.nist.gov/vuln/detail/CVE-2024-39891
- Related News Articles
Free security scan for your website