CVE-2024-36250
MFA Code ReplayMattermost versions 9.11.x <= 9.11.2, and 9.5.x <= 9.5.10 fail to protect the mfa code against replay attacks, which allows an attacker to reuse the MFA code within ~30 seconds
We have discovered 17 live websites that are affected by CVE-2024-36250.
Affected Software
| Product |  Mattermost |
| Category | Message Boards |
| Vulnerable Domains | 17 live websites (4.10% of Mattermost install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 5 versions ( 7.46% of all versions) |
Common Weakness Enumeration
CWE-303 Incorrect Implementation of Authentication AlgorithmDetails
- Published - Nov 9, 2024
- Updated - Nov 12, 2024
Credits
- DoyenSec (finder)
CVE References
CWE References
CWE
Website Distribution by Country
Number of websites using CVE-2024-36250 United States | 9 websites |
 Germany | 2 websites |
 Japan | 2 websites |
 France | 1 websites |
 Iran | 1 websites |
 Korea, South | 1 websites |
 Tonga | 1 websites |
Website Distribution by TLD
Number of websites using CVE-2024-36250| .com | 8 websites |
| .net | 2 websites |
| .at | 1 websites |
| .fr | 1 websites |
| .org | 1 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2024-36250
Top websites that are affected by CVE-2024-36250. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| *********.com | Iran | *,***,*** | |
| ******.**.kr | Korea, South | **,***,*** | |
| *****.****.to | Japan | **,***,*** | |
| **.****.net | Germany | **,***,*** | |
| ****.***********.com | United States | **,***,*** | |
| **.********.com | United States | **,***,*** | |
| ********.****.to | Japan | **,***,*** | |
| ***.***********.com | United States | **,***,*** | |
| **********.*******.net | United States | **,***,*** | |
| ****.***********.com | United States | **,***,*** |
FAQ
CVE-2024-36250 is Incorrect Implementation of Authentication Algorithm in Mattermost
A total of 17 websites have been identified as vulnerable to CVE-2024-36250, based on global website indexing conducted by WebTechSurvey.
The Mattermost is affected by the CVE-2024-36250 vulnerability.
Mattermost versions up to and including 9.11.2 are vulnerable to CVE-2024-36250.