← ExploitWatch
HomeExploited Vulnerabilities

CVE-2024-39891 — Actively Exploited: Authy (Twilio)

Twilio Authy contains an information disclosure vulnerability in its API that allows an unauthenticated endpoint to accept a request containing a phone number and respond with information about whether the phone number was registered with Authy.

CVE IDCVE-2024-39891
VendorTwilio
ProductAuthy
Vulnerability nameTwilio Authy Information Disclosure Vulnerability
Date added2024-07-23
Remediation due2024-08-13
Known ransomware useUnknown
Required actionApply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
DescriptionTwilio Authy contains an information disclosure vulnerability in its API that allows an unauthenticated endpoint to accept a request containing a phone number and respond with information about whether the phone number was registered with Authy.
SourceCISA Known Exploited Vulnerabilities

🔍 Search all exploited vulnerabilities →