Ascertia SigningHub One-Time Password Verification Bypass Vulnerability

Vulnerability

A rate-limiting vulnerability has been identified in the One-Time Password (OTP) verification endpoint of Ascertia SigningHub version 8.6.8 and prior. This flaw allows attackers to automate OTP code submissions and bypass verification, potentially impersonating another user.

Impact

Exploitation of this vulnerability allows for unauthorized OTP verification, enabling attackers to impersonate users by verifying their mobile numbers without knowledge of the actual OTP codes.

Remediation

It is recommended to implement rate limiting on the OTP verification endpoint to prevent brute-force attacks. Additionally, OTP codes should be revoked after a certain number of failed verification attempts.
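
Both recommended controls, sketched server-side as an added example (not Ascertia's code): a per-account limit on verification attempts, plus revocation of the active code after repeated failures. The class name, thresholds, return strings and in-memory storage are all assumptions made for illustration.

```python
import hmac
import secrets
import time

MAX_FAILURES = 5       # assumed: wrong guesses tolerated per issued code
OTP_TTL = 300          # assumed: code lifetime in seconds
WINDOW = 3600          # assumed: rate-limit window in seconds
MAX_PER_WINDOW = 15    # assumed: verify calls allowed per account per window


class OtpVerifier:
    """In-memory sketch; a real service would keep this state in a shared store."""

    def __init__(self, clock=time.monotonic):
        self.clock = clock
        self.codes = {}      # account -> [code, expires_at, failures]
        self.attempts = {}   # account -> timestamps of counted verify calls

    def issue(self, account):
        code = f"{secrets.randbelow(10**6):06d}"
        self.codes[account] = [code, self.clock() + OTP_TTL, 0]
        return code

    def verify(self, account, submitted):
        now = self.clock()
        # The limit is keyed on the account, not on the active code, so
        # requesting a fresh code does not reset the guessing budget.
        recent = [t for t in self.attempts.get(account, []) if now - t < WINDOW]
        self.attempts[account] = recent
        if len(recent) >= MAX_PER_WINDOW:
            return "rate_limited"
        recent.append(now)

        entry = self.codes.get(account)
        if entry is None or now >= entry[1]:
            self.codes.pop(account, None)
            return "no_active_code"
        # Constant-time comparison of the stored and submitted codes.
        if hmac.compare_digest(entry[0].encode(), submitted.encode()):
            del self.codes[account]      # codes are single use
            return "ok"
        entry[2] += 1
        if entry[2] >= MAX_FAILURES:
            del self.codes[account]      # revoke after too many failures
            return "revoked"
        return "invalid"
```

With these assumed values, one account gets at most 15 guesses per hour against a six-digit code space, however many fresh codes are requested.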

Added: Oct 20, 2025, 1:17 PM
Updated: Oct 20, 2025, 4:40 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 1.3
exploitability: 5.2
remediation: 0.0
relevance: 0.7
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.