CVE-2025-42600
Description
This vulnerability exists in Meon KYC solutions due to missing restrictions on the number of incorrect One-Time Password (OTP) attempts through certain API endpoints of login process. A remote attacker could exploit this vulnerability by performing a brute force attack on OTP, which could lead to gain unauthorized access to other user accounts.
Weakness Type (CWE)
References
Frequently Asked Questions
What is CVE-2025-42600? +
How do I check if I'm vulnerable to CVE-2025-42600? +
Related Vulnerabilities
Unauthorised access to the call forwarding service system in MeetMe products in versions prior to 2024-09 allows an attacker to …
Authelia is an open-source authentication and authorization server providing two-factor authentication and single sign-on (SSO) for applications via a web …
Lack of Rate Limiting in Sign-up workflow in Perforce Gliffy prior to version 4.14.0-7 on Gliffy online allows attacker to …
Lack of protection against brute force attacks in Valmet DNA visualization in DNA Operate. The possibility to make an arbitrary …
Use of fixed learning codes, one code to lock the car and the other code to unlock it, the Key …
Use of fixed learning codes, one code to lock the car and the other code to unlock it, in the …