An issue was discovered in LIVEBOX Collaboration vDesk...
Moderate severity
Unreviewed
Published
Jun 10, 2024
to the GitHub Advisory Database
•
Updated Jul 26, 2024
Description
Published by the National Vulnerability Database
Jun 10, 2024
Published to the GitHub Advisory Database
Jun 10, 2024
Last updated
Jul 26, 2024
An issue was discovered in LIVEBOX Collaboration vDesk through v018. A Bypass of Two-Factor Authentication can occur under the /login/backup_code endpoint and the /api/v1/vdeskintegration/createbackupcodes endpoint, because the application allows a user to generate or regenerate the backup codes before checking the TOTP.
References