CVE-2024-51720
Vulnerabilities in SecuSUITE Server Components Impact SecuSUITE
In short
SecuSUITE's authentication server does not use enough randomness when creating security tokens, allowing an attacker to register an attacker-controlled device against someone else's account. This could let the attacker impersonate the victim when logging in.
Technical detail
The SCA Server generates authentication tokens with insufficient entropy (CWE-307), enabling an attacker to predict or brute-force device enrollment credentials. This allows unauthorized device registration to a legitimate user's account without valid credentials, compromising multi-factor authentication mechanisms.
Summary generated and translated by AI from the official description.
An insufficient entropy vulnerability in the SecuSUITE Secure Client Authentication (SCA) Server of SecuSUITE versions 5.0.420 and earlier could allow an attacker to potentially enroll an attacker-controlled device to the victim’s account and telephone number.
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
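To make the defensive point concrete, the following is an added example (not SecuSUITE's or BlackBerry's code; the vendor's actual token format is not published here, so the weak pattern is constructed for illustration). It compares a short PRNG-derived enrollment code against a token drawn from the operating system's CSPRNG, estimates the keyspace of each token shape in bits, checks a sample for duplicates as a cheap sanity test, and verifies presented tokens with a constant-time comparison. The 128-bit policy threshold is an assumed value, not one stated in the advisory.

```python
import math
import random
import secrets

# Assumed policy threshold (not from the advisory): an enrollment token should
# carry at least this many bits of entropy so it cannot be guessed online.
MIN_TOKEN_BITS = 128


def token_keyspace_bits(alphabet_size: int, length: int) -> float:
    """Upper bound on entropy: the bits a uniformly random token of this
    shape could carry. Real entropy is lower if the generator is biased or
    seeded from a small or predictable source."""
    return length * math.log2(alphabet_size)


def weak_enrollment_code(rng: random.Random) -> str:
    """Constructed weak pattern: a 6-digit code from a non-cryptographic PRNG.
    At best ~19.9 bits of keyspace; the PRNG state is also recoverable from
    observed outputs, so the true entropy is lower still."""
    return f"{rng.randrange(10 ** 6):06d}"


def strong_enrollment_token(nbytes: int = 32) -> str:
    """Token from the OS CSPRNG: 32 bytes (256 bits) encoded as 43 URL-safe
    characters. secrets.token_urlsafe is the standard-library call for this."""
    return secrets.token_urlsafe(nbytes)


def collision_check(tokens: list) -> int:
    """Number of duplicate tokens in a sample. A generator with a small
    keyspace (or a repeating seed) produces duplicates quickly; a 256-bit
    CSPRNG token never should in any practical sample size."""
    return len(tokens) - len(set(tokens))


def audit_token_shape(alphabet_size: int, length: int, sample: list) -> dict:
    """Static keyspace estimate plus a duplicate count over a sample of
    tokens produced by the generator under review."""
    bits = token_keyspace_bits(alphabet_size, length)
    return {
        "keyspace_bits": bits,
        "meets_policy": bits >= MIN_TOKEN_BITS,
        "duplicates": collision_check(sample),
    }


def verify_enrollment_token(stored: str, presented: str) -> bool:
    """Constant-time comparison so the server does not leak how many leading
    characters matched; pair this with attempt limiting on the enrollment
    endpoint so short tokens cannot be brute-forced online."""
    return secrets.compare_digest(stored.encode(), presented.encode())


if __name__ == "__main__":
    rng = random.Random(12345)  # fixed seed so the weak sample is reproducible
    weak_sample = [weak_enrollment_code(rng) for _ in range(20000)]
    strong_sample = [strong_enrollment_token() for _ in range(20000)]
    print("weak 6-digit code :", audit_token_shape(10, 6, weak_sample))
    print("256-bit token     :", audit_token_shape(64, 43, strong_sample))
```

Running the block prints the keyspace of each token shape, whether it meets the assumed policy, and how many duplicates appeared in 20,000 draws; the 6-digit code fails the policy and shows duplicates, the CSPRNG token passes and shows none. In a review, the static estimate is the useful number: a token that cannot reach the threshold by its shape alone is weak regardless of how it is generated.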
Affected products
BlackBerry · SecuSUITE