Incorrect Protection Mechanism in Telenav Scout GPS Link App for iOS Enables Brute-Force Attacks on Authentication Process

Incorrect Protection Mechanism in Telenav Scout GPS Link App for iOS Enables Brute-Force Attacks on Authentication Process

CVE-2019-14951 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

The Telenav Scout GPS Link app 1.x for iOS, as used with Toyota and Lexus vehicles, has an incorrect protection mechanism against brute-force attacks on the authentication process, which makes it easier for attackers to obtain multimedia-screen access via port 7050 on the cellular network, as demonstrated by a DrivingRestriction method call to uma/jsonrpc/mobile.

Learn more about our Cis Benchmark Audit For Apple Ios.