logo
Vulnerability feed
CONTRIBUTE

Vulnerability

warn

CVE-2024-39891

Reference to the description:

https://nvd.nist.gov/vuln/detail/CVE-2024-39891

Description:
In the Twilio Authy API, accessed by Authy Android before 25.1.0 and Authy iOS before 26.1.0, an unauthenticated endpoint provided access to certain phone-number data, as exploited in the wild in June 2024. Specifically, the endpoint accepted a stream of requests containing phone numbers, and responded with information about whether each phone number was registered with Authy. (Authy accounts were not compromised, however.)
Last updated date:
07/24/2024

Reports

alt

ACTIVELY EXPLOITED

Type:
exploitation
Confidence:
HIGH
Date of publishing:
07/03/2024
Reference url to background

https://nvd.nist.gov/vuln/detail/CVE-2024-39891

Type:
exploitation
Confidence:
HIGH
Date of publishing:
07/23/2024
Vulnerability FeedContributorsAboutBlog

@inTheWild

©2024

Privacy Policy