Login Sign Up

CVE-2023-3065

9.1 CRITICAL
Authentication Bypass

📋 TL;DR

This CVE describes an authentication bypass vulnerability in the Mobatime AMXGT100 mobile application. Attackers can bypass authentication mechanisms to gain unauthorized access to the application's functionality. This affects all users of Mobatime AMXGT100 mobile application versions through 1.3.20.

💻 Affected Systems

Products:
  • Mobatime mobile application AMXGT100
Versions: through 1.3.20
Operating Systems: Android, iOS
Default Config Vulnerable: ⚠️ Yes
Notes: All installations of affected versions are vulnerable regardless of configuration.

📦 What is this software?

Amxgt 100 by Mobatime

View all CVEs affecting Amxgt 100 →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of the mobile application, allowing attackers to access sensitive time tracking data, manipulate records, or perform unauthorized actions as legitimate users.

🟠

Likely Case

Unauthorized access to employee time tracking data, potential manipulation of work hours, and access to personal information stored in the application.

🟢

If Mitigated

Limited impact if proper network segmentation and access controls prevent the vulnerable application from accessing sensitive backend systems.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability allows authentication bypass without credentials, making exploitation straightforward.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.3.21 or later

Vendor Advisory: https://borelenzo.github.io/stuff/2023/06/02/cve-2023-3064_65_66.html

Restart Required: Yes

Instructions:

1. Update the Mobatime AMXGT100 mobile application to version 1.3.21 or later from the official app store. 2. Restart the application after update. 3. Verify the update was successful by checking the version number in app settings.

🔧 Temporary Workarounds

Network Access Restriction

all

Restrict network access to the application's backend services to prevent exploitation from unauthorized networks.

Application Removal

all

Remove vulnerable versions of the application from devices until patched.

🧯 If You Can't Patch

  • Isolate affected devices on a restricted network segment
  • Implement additional authentication layers at the network or proxy level

🔍 How to Verify

Check if Vulnerable:

Check the application version in the app settings. If version is 1.3.20 or earlier, the system is vulnerable.

Check Version:

Check within the mobile application settings menu for version information.

Verify Fix Applied:

Verify the application version is 1.3.21 or later in the app settings.

📡 Detection & Monitoring

Log Indicators:

  • Unusual authentication patterns
  • Multiple failed login attempts followed by successful access without proper credentials
  • Access from unexpected locations or devices

Network Indicators:

  • Unusual API calls to authentication endpoints
  • Traffic patterns indicating bypass of normal authentication flows

SIEM Query:

source="mobile_app_logs" AND (event_type="authentication" AND result="success" AND (credential_check="bypassed" OR auth_method="none"))

📊 Metadata

CVE ID: CVE-2023-3065
CVSS v3 Score: 9.1 (CRITICAL)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
CWE: CWE-287
Published: June 5, 2023
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-3065, you might also want to check these:

CVE-2024-27767 10.0

CVE-2024-27767 is an authentication bypass vulnerability that allows attackers to gain unauthorized ...

Same vulnerability type (CWE-287)
CVE-2026-24898 10.0

OpenEMR versions before 8.0.0 contain an unauthenticated token disclosure vulnerability in the MedEx...

Same vulnerability type (CWE-287)
CVE-2026-20127 10.0

This critical authentication bypass vulnerability in Cisco Catalyst SD-WAN Controller and Manager al...

Same vulnerability type (CWE-287)