Vulnerability Details CVE-2020-24655
A race condition in the Twilio Authy 2-Factor Authentication application before 24.3.7 for Android allows a user to potentially approve/deny an access request prior to unlocking the application with a PIN on older Android devices (effectively bypassing the PIN requirement).
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 16.7%
CVSS Severity
CVSS v3 Score 5.1
CVSS v2 Score 1.9
Products affected by CVE-2020-24655
-
cpe:2.3:a:twilio:authy_2-factor_authentication:24.3.7