Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
In the Twilio Authy API, accessed by Authy Android before 25.1.0 and Authy iOS before 26.1.0, an unauthenticated endpoint provided access to certain phone-number data, as exploited in the wild in June 2024. Specifically, the endpoint accepted a stream of requests containing phone numbers, and responded with information about whether each phone number was registered with Authy. (Authy accounts were not compromised, however.)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Vulnerability Type
N/A
Vulnerability Title
Twilio Authy API 安全漏洞
Vulnerability Description
Twilio Authy API是美国Twilio公司的一个授权接口。用于为开发人员构建双因素身份验证、无密码登录和安全授权。 Twilio Authy API for Android 25.1.0之前版本、Twilio Authy API for iOS 26.1.0之前版本存在安全漏洞,该漏洞源于未经身份验证的端点提供了对某些电话号码数据的访问权限。
CVSS Information
N/A
Vulnerability Type
N/A