This vulnerability exists in Reedos aiM-Star version 2.0.1 due to missing rate limiting on OTP requests in certain API endpoints. An authenticated remote attacker could exploit this vulnerability by sending multiple OTP request through vulnerable API endpoints which could lead to the OTP bombing/flooding on the targeted system.
The product does not properly limit the number or frequency of interactions that it has with an actor, such as the number of incoming requests.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Aim-star | Reedos | 2.0.1 (including) | 2.0.1 (including) |