Vulnerability Details CVE-2022-45168
An issue was discovered in LIVEBOX Collaboration vDesk through v018. A Bypass of Two-Factor Authentication can occur under the /login/backup_code endpoint and the /api/v1/vdeskintegration/createbackupcodes endpoint, because the application allows a user to generate or regenerate the backup codes before checking the TOTP.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 9.1%
CVSS Severity
CVSS v3 Score 6.5
References
Products affected by CVE-2022-45168
-
cpe:2.3:a:liveboxcloud:vdesk:-
-
cpe:2.3:a:liveboxcloud:vdesk:018