Insecure authentication due to missing bruteforce protection and runtime manipulation in Two App Studio Journey 5.5.6 for iOS

July 21, 2025 invoker category_cve

CVE Details

Basic Information

Title Insecure authentication due to missing bruteforce protection and runtime manipulation in Two App Studio Journey 5.5.6 for iOS
Type cve
Published 2025-07-21T11:01:29.417Z
Modified 2025-07-21T11:01:29.417Z

Product Information

Vendor Two App Studio
Product Journey
Version 0

CVSS Information

Base Score 7.8 (HIGH)
Attack Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products

  • Two App Studio Journey 0

Additional Information

CWE List CWE-287
Source cirosec

Description

Insufficient protection against brute-force and runtime manipulation in the local authentication component in Two App Studio Journey 5.5.6 on iOS allows local attackers to bypass biometric and PIN-based access control via repeated PIN attempts or dynamic code injection.

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.