CVE-2024-12838

The passwordless login mechanism in CGFIDO from Changing Information Technology has an Authentication Bypass vulnerability, allowing remote attackers with regular privileges to send a crafted request to switch to the identity of any user, including administrators.

The passwordless login mechanism in CGFIDO from Changing Information Technology has an Authentication Bypass vulnerability, allowing remote attackers with regular privileges to send a crafted request to switch to the identity of any user, including administrators.

El mecanismo de inicio de sesión sin contraseña en CGFIDO de Changing Information Technology tiene una vulnerabilidad de omisión de autenticación, que permite a atacantes remotos con privilegios regulares enviar una solicitud diseñada para cambiar a la identidad de cualquier usuario, incluidos los administradores.