Rising Technosoft CAP Back Office Application OTP Verification Bypass Vulnerability

Vulnerability

An authentication bypass vulnerability has been identified in the Rising Technosoft CAP back office application, all versions prior to 2.0.4. This vulnerability arises from an improper implementation of the one-time password (OTP) verification mechanism in the application's API-based login. A remote attacker with valid credentials could exploit this issue by manipulating the API request URL or payload, effectively bypassing two-factor authentication (2FA) for other user accounts.

Impact

Exploitation of this vulnerability could lead to unauthorized bypassing of two-factor authentication, allowing attackers to access accounts of other users without proper verification.

Remediation

Users are advised to upgrade the Rising Technosoft CAP back office application to version 2.0.4 or later.
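For teams reviewing their own OTP login APIs for the same class of flaw, the following is an added example, not code from Rising Technosoft or from this advisory. The advisory does not publish the root cause; the sketch assumes the common form of this weakness, where the OTP step trusts an account identifier taken from the request URL or payload. All names here (`start_login`, `verify_otp`, `PENDING`) are hypothetical.

```python
import hmac
import secrets
import time

MAX_TRIES = 5      # assumed attempt limit per challenge
OTP_TTL = 300      # assumed OTP lifetime in seconds
# Constructed in-memory store: login token -> challenge bound to one user.
PENDING = {}

def start_login(user, password_ok, now=None):
    """Step 1: after the password check, bind a fresh OTP to this user."""
    now = time.time() if now is None else now
    if not password_ok:
        return None
    token = secrets.token_urlsafe(32)
    otp = f"{secrets.randbelow(10**6):06d}"
    PENDING[token] = {"user": user, "otp": otp,
                      "expires": now + OTP_TTL, "tries": 0}
    # The OTP is returned only so the example is testable; a real service
    # delivers it out of band and returns just the token.
    return token, otp

def verify_otp(token, submitted_otp, requested_user=None, now=None):
    """Step 2: return the user to open a session for, or None.

    The account comes from the server-side challenge, never from the
    request. `requested_user` models an identifier sent in the URL or
    payload; a mismatch is treated as tampering and burns the challenge.
    """
    now = time.time() if now is None else now
    entry = PENDING.get(token)
    if entry is None:
        return None
    if now > entry["expires"] or entry["tries"] >= MAX_TRIES:
        PENDING.pop(token, None)       # expired or locked out
        return None
    entry["tries"] += 1
    if not hmac.compare_digest(entry["otp"], str(submitted_otp)):
        return None
    PENDING.pop(token, None)           # single use, success or tampering
    if requested_user is not None and requested_user != entry["user"]:
        return None
    return entry["user"]
```

A rejected mismatch between `requested_user` and the bound user is also a useful event to log and alert on.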

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 1.3
exploitability: 5.2
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.