CVERadar

CVE-2024-39891

High Severity
Twilio
SVRS: 52/100
CVSSv3: 5.3/10
EPSS: 0.18149/1

CVE-2024-39891: Unauthenticated access to phone number data in Twilio Authy API. This vulnerability in the Twilio Authy API allowed unauthorized access to phone number registration data, impacting Authy Android versions before 25.1.0 and Authy iOS versions before 26.1.0. The unauthenticated endpoint permitted the querying of phone numbers to determine if they were registered with Authy. While Authy accounts were not compromised, the exposure of this information poses significant privacy risks. The vulnerability, actively exploited in the wild as of June 2024, highlights the need for robust API security. With a SOCRadar Vulnerability Risk Score (SVRS) of 52, indicating a moderate risk, organizations should assess potential exposure and prioritize updates. Although the CVSS score is 5.3, the "In The Wild" tag suggests immediate patching, as active exploits exist. This information disclosure vulnerability underscores the importance of secure API design and continuous monitoring for potential threats.

Tags: In The Wild, Exploit Available, CISA KEV
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
2024-07-02
2024-12-20

SOCRadar AI Insight

Description:

CVE-2024-39891 is a vulnerability in the Twilio Authy API that allowed unauthenticated access to certain phone-number data. This vulnerability could have been exploited by attackers to gather sensitive information about users, such as their phone numbers and associated accounts.

Key Insights:

  • The SVRS of 34 indicates that this vulnerability is of moderate severity and requires attention.
  • The vulnerability was present in Authy Android versions before 25.1.0 and Authy iOS versions before 26.1.0.
  • While Authy accounts were not compromised, attackers could have used the exposed data to launch phishing or other targeted attacks.

Mitigation Strategies:

  • Update Authy Android to version 25.1.0 or later.
  • Update Authy iOS to version 26.1.0 or later.
  • Implement strong authentication measures to protect user accounts.
  • Monitor for suspicious activity and take appropriate action if necessary.

Additional Information:

  • There are no known active exploits for this vulnerability.
  • CISA has not issued a warning for this vulnerability.
  • The vulnerability is not currently being exploited in the wild.


Indicators of Compromise

No IOCs found for this CVE

Exploits

Title: Twilio Authy Information Disclosure Vulnerability
Software Link: https://www.cisa.gov/search?g=CVE-2024-39891
Date: 2024-07-23

News

Vulnerability Recap 7/29/24 – Multiple Old Security Flaws Reappear
Jenna Phipps, 2024-07-29 (eSecurity Planet)
This week’s vulnerabilities include multiple issues from previous years. Read more about the flaws your team needs to patch as soon as possible. In the aftermath of CrowdStrike’s unique update failure that sparked a different type of security incident, standard vulnerability

CISA Adds Two Known Exploited Vulnerabilities to Catalog
2024-07-25
The vulnerabilities are as follows: CVE-2012-4792, a decade-old vulnerability in Internet Explorer allowing remote code execution, and CVE-2024-39891, an information disclosure flaw in Twilio Authy.

U.S. CISA adds Microsoft Internet Explorer and Twilio Authy bugs to its Known Exploited Vulnerabilities catalog
Pierluigi Paganini, 2024-07-24 (securityaffairs.co)
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft Internet Explorer and Twilio Authy bugs to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: Below are the descriptions of the flaws added to the KEV catalog: CVE-2012-4792 (CVSS score of […]

Organizations Warned of Exploited Twilio Authy Vulnerability
Ionut Arghire, 2024-07-24 (SecurityWeek)
CISA warns of the in-the-wild exploitation of CVE-2024-39891, a Twilio Authy bug leading to the disclosure of phone number data.

CISA Adds Twilio Authy and IE Flaws to Exploited Vulnerabilities List
The Hacker News, 2024-07-24 (thehackernews.com)
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two security flaws to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerabilities are listed below: CVE-2012-4792 (CVSS score: 9.3), Microsoft Internet Explorer Use-After-Free Vulnerability; CVE-2024-39891 (CVSS score: 5.3), Twilio Authy Information Disclosure

CVE-2024-39891 | Twilio Authy on Android/iOS API improper authentication
vuldb.com, 2024-07-02
A vulnerability was found in Twilio Authy on Android/iOS. It has been rated as critical. Affected by this issue is some unknown functionality of the component API. The manipulation leads to improper authentication. This vulnerability is handled as CVE-2024-39891. The attack may be launched remotely. There is no exploit available. It is

Social Media

8 - CVE-2024-39891 - Twilio Authy API, Affected Versions: Authy Android before 25.1.0 and Authy iOS before 26.1.0 - Severity Rating: 5.3 (Medium)

Organizations Warned of Exploited Twilio Authy Vulnerability: CISA warns of the in-the-wild exploitation of CVE-2024-39891, a Twilio Authy bug leading to the disclosure of phone number data. The post Organizations Warned of Exploited Twilio Authy… https://t.co/cIB7LmabjS https://t.co/8yglJdNcYi

CISA has issued an urgent warning regarding two actively exploited flaws affecting #Microsoft #InternetExplorer and #Twilio Authy, a popular two-factor authentication app. CVE-2012-4792 and CVE-2024-39891, pose significant risks to users and organizations https://t.co/ZOyfRmNK2l

CVE-2024-39891 In the Twilio Authy API, accessed by Authy Android before 25.1.0 and Authy iOS before 26.1.0, an unauthenticated endpoint provided access to certain phone-number data. (Authy accounts were not compr... https://t.co/CzlHNRDUEJ

CVE-2024-39891 In the Twilio Authy API, accessed by Authy Android before 25.1.0 and Authy iOS before 26.1.0, an unauthenticated endpoint provided access to certain phone-number data… https://t.co/SE4DjYTNh6

Affected Software

Configuration 1
Type: App
Vendor: Twilio
Product: authy

References

Reference links (deduplicated):
https://cwe.mitre.org/data/definitions/203.html
https://www.bleepingcomputer.com/news/security/hackers-abused-api-to-verify-millions-of-authy-mfa-phone-numbers/
https://www.twilio.com/docs/usage/security/reporting-vulnerabilities
https://www.twilio.com/en-us/changelog

CWE Details

CWE-203 (Observable Discrepancy): The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not.
