CVE-2024-45832 MEDIUM

CVE-2024-45832: Ossur Mobile Logic Application Use of Hard-coded Credentials

Vendor Ossur
Product Mobile Logic Application
Weakness CWE-798 · Hardcoded credentials
Published January 17, 2025
Last update January 17, 2025

CVSS base score

4.3/10
Attack vector Physical
Attack complexity Low
Privileges required None
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

What the vulnerability does

01Description

Hard-coded credentials were included as part of the application binary. These credentials served as part of the application authentication flow and communication with the mobile application. An attacker could access unauthorized information.

Key dates

02Disclosure timeline

January 17, 2025 CVE published
January 17, 2025 Record updated