CVE-2024-39891
- Reference to the description:
- Description:
- In the Twilio Authy API, accessed by Authy Android before 25.1.0 and Authy iOS before 26.1.0, an unauthenticated endpoint provided access to certain phone-number data, as exploited in the wild in June 2024. Specifically, the endpoint accepted a stream of requests containing phone numbers, and responded with information about whether each phone number was registered with Authy. (Authy accounts were not compromised, however.)
- Last updated date:
- 12/20/2024
Reports
ACTIVELY EXPLOITED
- Type:
- exploitation
- Confidence:
- HIGH
- Date of publishing:
- 07/03/2024
- Reference url to background
- Type:
- exploitation
- Confidence:
- HIGH
- Date of publishing:
- 07/23/2024
- Reference url to background
https://www.cisa.gov/known-exploited-vulnerabilities-catalog