Insecure service configuration - OTP
Description
The OTP mock is still enabled in the application.
Impact
- Attacker with information from a user of the application gets to the point where the OTP is requested. - Enters default OTP and successfully logs in to the application.
Recommendation
Remove the OTP mock so that you can only login to the application with the OTP sent to the email.
Threat
Unauthorized user with access to the application.
Expected Remediation Time
⏱️ 60 minutes.
Score
Default score using CVSS 4.0. It may change depending on the context of the src.
Base 4.0
Attack vector
N
Attack complexity
L
Attack requirements
N
Privileges required
L
User interaction
N
Confidentiality (VC)
L
Integrity (VI)
N
Availability (VA)
N
Confidentiality (SC)
N
Integrity (SI)
N
Availability (SA)
N
Threat 4.0
Exploit maturity
X
Vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N