TWCERT/CC Taiwan Computer Emergency Response Team/Coordination Center-Mitake smart stock selection system

Mitake smart stock selection system - Broken Authentication

TVN ID	TVN-202103001
CVE ID	CVE-2021-28174
CVSS	6.5 (Medium) CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Affected Products	Mitake Smart Stock Selection System version 2020/06/23 or earlier
Description	Mitake smart stock selection system contains a broken authentication vulnerability. By manipulating the parameters in the URL, remote attackers can gain the privileged permissions to access transaction record, and fraudulent trading without login.
Solution	Update Mitake smart stock selection system to version 2020/12/23 or later.
Credit	Jia-Rong Chen
Public Date	2021-04-08

Mitake smart stock selection system - Broken Authentication