CVE-2023-24080 Information
Feb 22, 2023
Description
A lack of rate limiting on the password reset endpoint of Chamberlain myQ v5.222.0.32277 (on iOS) allows attackers to compromise user accounts via a brute-force attack.
Reference
https://brackishllc-my.sharepoint.com/:u:/g/personal/matt_brackish_io/EVIBVQz86jBLsLmGbaj64ecBNv-XY51u8-Boeoj4DMGRhw?e=XRcx72
https://partner-identity.myq-cloud.com/api/Account/EmailValidation
https://brackish.io/chamberlain-myq-account-takeover/
http://chamberlain.com