CVE-2024-39891 - Twilio Authy Information Disclosure Vulnerability

CVE-2024-39891: Twilio | Authy

Date Added:
2024-07-23

Due Date:
2024-08-13

Vulnerability Name: Twilio Authy Information Disclosure Vulnerability

Description: Twilio Authy contains an information disclosure vulnerability in its API that allows an unauthenticated endpoint to accept a request containing a phone number and respond with information about whether the phone number was registered with Authy.

Known To Be Used in Ransomware Campaigns?: Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Additional Notes: https://www.twilio.com/en-us/changelog/Security_Alert_Authy_App_Android_iOS; https://nvd.nist.gov/vuln/detail/CVE-2024-39891

Related News Articles: CISA Adds Twilio Authy and IE Flaws to Exploited Vulnerabilities ListJuly 24, 2024

Free security scan for your website

Don't show website scan report rating on the leaderboard