Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft MyRezzta allows Authentication Bypass, Password Recovery Exploitation, Brute Force. This issue affects MyRezzta: from s2.03.01 before v2.05.01.
The application does not implement effective mechanisms limiting the number of consecutive login attempts, such as account lockout, CAPTCHA, or request throttling. An attacker can repeatedly attempt various password combinations (brute force) without any consequences on the system side. The lack of protection also applies to the password recovery procedure, which can be exploited to take over an account without knowledge of the original password.
An attacker can gain unauthorized access to user accounts, including administrative accounts, leading to complete breach of confidentiality, integrity, and availability of data in the application.
Akinsoft MyRezzta should be updated to version v2.05.01 or later. Detailed information is available at: https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-25-0205
Akinsoft MyRezzta in versions from s2.03.01 to versions preceding v2.05.01
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H