Back
ThroughTek Kalay SDK Insufficient Verification Of Message Authenticity
Publication date: May 15th, 2024
CVSS scrore:
4.3 - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Affected vendors:
ThroughTek
Affected products:
Kalay SDK
Vulnerability details:
ThroughTek Kalay SDK does not verify the authenticity of received messages, allowing an attacker to impersonate an authoritative server.
Credit:
Alexandru Lazar & Radu Basaraba, Bitdefender Labs