All vulnerabilities
CVE-2024-39891
Twilio Authy Information Disclosure Vulnerability
Twilio — Authy
- Added to KEV catalog
- 23 July 2024
- Federal remediation due date
- 13 August 2024
- Weakness classification (CWE)
- CWE-203
CISA Description
Twilio Authy contains an information disclosure vulnerability in its API that allows an unauthenticated endpoint to accept a request containing a phone number and respond with information about whether the phone number was registered with Authy.
Required action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Notes
https://www.twilio.com/en-us/changelog/Security_Alert_Authy_App_Android_iOS; https://nvd.nist.gov/vuln/detail/CVE-2024-39891
Confirm Your Exposure
Is this vulnerability present in your environment?
CRS delivers independent VAPT assessments that identify exactly which known-exploited vulnerabilities exist in your network, applications, and infrastructure.
Explore VAPT Services