ZITADEL provides users the possibility to use Time-based One-Time-Password (TOTP) and One-Time-Password (OTP) through SMS and Email. While ZITADEL already gives administrators the option to define a `Lockout Policy` with a maximum amount of failed password check attempts, there was no such mechanism for (T)OTP checks. This issue has been patched in version 2.50.0.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-04-25T23:53:37.235Z

Updated: 2024-08-05T16:54:00.249Z

Reserved: 2024-04-19T14:07:11.229Z

Link: CVE-2024-32868

cve-icon Vulnrichment

Updated: 2024-08-02T02:20:35.643Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-04-26T00:15:08.753

Modified: 2024-11-21T09:15:53.900

Link: CVE-2024-32868

cve-icon Redhat

No data.