CVE-2023-24080
Summary
| CVE | CVE-2023-24080 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-02-21 23:15:00 UTC |
| Updated | 2023-03-27 14:15:00 UTC |
| Description | A lack of rate limiting on the password reset endpoint of Chamberlain myQ v5.222.0.32277 (on iOS) allows attackers to compromise user accounts via a bruteforce attack. |
Risk And Classification
Problem Types: CWE-307
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Chamberlain | Myq | 5.222.0.32277 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Chamberlain \| Garage Door Openers, Remotes and Parts | MISC | chamberlain.com | |
| archive.ph/NH0Bk | MISC | archive.ph | |
| Sharing Link Validation | MISC | brackishllc-my.sharepoint.com | |
| partner-identity.myq-cloud.com/api/Account/EmailValidation | MISC | partner-identity.myq-cloud.com | |
| Chamberlain myQ Account Takeover – Brackish Security | MISC | brackish.io | |
| web.archive.org/web/20230122144550/https://brackish.io/chamberlain-myq-accoun... | MISC | web.archive.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.