CVE-2024-41276 Information

Description

A vulnerability in Kaiten version 57.131.12 and earlier allows attackers to bypass the PIN code authentication mechanism. The application requires users to input a 6-digit PIN code sent to their email for authorization after entering their login credentials. However the request limiting mechanism can be easily bypassed enabling attackers to perform a brute force attack to guess the correct PIN and gain unauthorized access to the application.

Reference

https://kaiten.ru/ https://github.com/artemy-ccrsky/CVE-2024-41276