
CVE-2026-33488: WWBN AVideo Auth Bypass Vulnerability

CVE-2026-33488 is an authentication bypass flaw in WWBN AVideo that allows attackers to bypass 2FA by factoring weak 512-bit RSA keys. This article covers the technical details, affected versions, and mitigation steps.

Published: March 27, 2026

CVE-2026-33488 Overview

WWBN AVideo, an open source video platform, contains a critical cryptographic weakness in its LoginControl plugin's PGP 2FA system. The createKeys() function generates 512-bit RSA keys, a size that was first publicly factored in 1999 and is factorable on commodity hardware today. An attacker who obtains a target user's public key can therefore factor the RSA modulus within hours, derive the complete private key, and decrypt any PGP 2FA challenge, completely bypassing the second authentication factor.

Additionally, the generateKeys.json.php and encryptMessage.json.php endpoints lack authentication checks, exposing CPU-intensive key generation to anonymous users and creating the potential for resource exhaustion attacks.

Critical Impact

Complete two-factor authentication bypass allowing unauthorized account access through cryptographic key derivation from publicly factorable 512-bit RSA keys.

Affected Products

  • WWBN AVideo versions up to and including 26.0
  • LoginControl plugin with PGP 2FA functionality
  • Any AVideo instance using PGP-based two-factor authentication

Discovery Timeline

  • 2026-03-23 - CVE-2026-33488 published to NVD
  • 2026-03-24 - Last updated in NVD database

Technical Details for CVE-2026-33488

Vulnerability Analysis

This vulnerability stems from fundamentally inadequate cryptographic parameters in the PGP 2FA implementation. The use of 512-bit RSA keys represents a severe deviation from modern cryptographic standards, as RSA-512 was first publicly factored in 1999 using distributed computing. Modern hardware can factor such keys in a matter of hours using well-known algorithms like the General Number Field Sieve (GNFS).

The vulnerability is classified under CWE-326 (Inadequate Encryption Strength), reflecting the use of cryptographic parameters that fail to meet contemporary security requirements. While the network attack vector requires high complexity for exploitation, successful attacks can result in complete compromise of confidentiality, integrity, and availability.

Root Cause

The root cause lies in the createKeys() function within the LoginControl plugin, which explicitly generates 512-bit RSA key pairs for PGP 2FA operations. Modern cryptographic standards mandate a minimum of 2048-bit RSA keys, with 3072-bit or 4096-bit keys recommended for long-term security. The 512-bit key size provides approximately 56 bits of security strength, well below the 112-bit minimum recommended by NIST.

A secondary issue compounds this vulnerability: the key generation and message encryption endpoints (generateKeys.json.php and encryptMessage.json.php) operate without authentication, allowing anonymous users to trigger computationally expensive operations and potentially harvest public keys.

Attack Vector

The attack proceeds as follows: an attacker first obtains the target user's 512-bit RSA public key, which may be exposed through the unauthenticated endpoints or by other means. Using factorization tools and commodity hardware (or cloud computing resources), the attacker factors the RSA modulus to recover its prime factors. With those factors the complete private key is mathematically derivable, and the attacker can then decrypt any PGP 2FA challenge issued by the system, bypassing the second authentication factor entirely.

This attack is feasible because factoring a 512-bit RSA modulus requires approximately 8 hours on modern consumer-grade hardware using optimized implementations of GNFS. Cloud-based GPU resources can reduce this time significantly.

Detection Methods for CVE-2026-33488

Indicators of Compromise

  • Unusual access patterns to generateKeys.json.php or encryptMessage.json.php endpoints from unauthenticated sessions
  • Multiple failed 2FA attempts followed by successful authentication from different IP addresses
  • Unexpected key generation requests or high CPU usage from the AVideo application
  • Login attempts using valid 2FA codes from IP addresses inconsistent with user history

Detection Strategies

  • Monitor web server logs for unauthenticated requests to /plugin/LoginControl/generateKeys.json.php and /plugin/LoginControl/encryptMessage.json.php
  • Implement anomaly detection for authentication patterns, flagging successful 2FA after geographic anomalies
  • Review PGP public keys stored in the system to identify any with 512-bit modulus lengths
  • Configure web application firewalls to alert on high-frequency requests to key generation endpoints
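To make the first and last of these strategies concrete, the following Python example (added here; not code from SentinelOne or the AVideo project) parses combined-format web-server access logs, records every request to the two LoginControl endpoints named above, and flags source addresses that hit them in bursts. The combined log format, the 60-second window, the threshold of 10 requests and the sample lines are assumptions. An access log cannot show whether a request carried a valid session, so the filter records every hit to these endpoints and leaves per-user correlation to the application's own authentication log.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Endpoints named in the advisory. Any hit is worth recording; a burst from
# one source is the resource-exhaustion pattern the advisory describes.
WATCHED_PATHS = {
    "/plugin/LoginControl/generateKeys.json.php",
    "/plugin/LoginControl/encryptMessage.json.php",
}

# Apache/Nginx "combined" log format (assumed; adjust if the server uses a
# custom log_format).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return the fields of one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ip": m.group("ip"),
        "time": datetime.strptime(m.group("ts"), TS_FORMAT),
        "method": m.group("method"),
        "path": m.group("target").split("?", 1)[0],  # drop the query string
        "status": int(m.group("status")),
    }


def find_endpoint_hits(lines):
    """All requests to the watched LoginControl endpoints, in log order."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec and rec["path"] in WATCHED_PATHS:
            hits.append(rec)
    return hits


def find_bursts(hits, window=timedelta(seconds=60), threshold=10):
    """Source IPs that reached the watched endpoints at least `threshold`
    times inside any `window`; returns {ip: peak count in a window}."""
    by_ip = defaultdict(list)
    for rec in hits:
        by_ip[rec["ip"]].append(rec["time"])
    bursts = {}
    for ip, times in by_ip.items():
        times.sort()
        start, peak = 0, 0
        for end, t in enumerate(times):          # sliding window over sorted times
            while t - times[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            bursts[ip] = peak
    return bursts


def _constructed_line(ip, when, path, status=200):
    """Build one constructed combined-format line for the sample below."""
    return (f'{ip} - - [{when.strftime(TS_FORMAT)}] "GET {path} HTTP/1.1" '
            f'{status} 512 "-" "Mozilla/5.0"')


def sample_log():
    """Constructed sample (not real log data): 12 rapid key-generation requests
    from one address, one encryptMessage request from another, and ordinary traffic."""
    t0 = datetime(2026, 3, 27, 10, 0, 0, tzinfo=timezone.utc)
    lines = [_constructed_line("198.51.100.7", t0, "/index.php")]
    for i in range(12):
        lines.append(_constructed_line(
            "203.0.113.5", t0 + timedelta(seconds=2 * i),
            "/plugin/LoginControl/generateKeys.json.php?user=alice"))
    lines.append(_constructed_line(
        "198.51.100.7", t0 + timedelta(seconds=40),
        "/plugin/LoginControl/encryptMessage.json.php"))
    lines.append(_constructed_line("192.0.2.9", t0 + timedelta(seconds=50), "/videos"))
    return lines


if __name__ == "__main__":
    hits = find_endpoint_hits(sample_log())
    print(f"{len(hits)} requests to watched endpoints")
    for ip, peak in find_bursts(hits).items():
        print(f"burst: {ip} made {peak} requests within 60s")
```

On the constructed sample the script reports 13 endpoint requests and one burst source (203.0.113.5, 12 requests in under a minute); the single request from 198.51.100.7 is recorded but stays under the threshold. Feed `find_endpoint_hits` real access-log lines to get the same two views over production traffic.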

Monitoring Recommendations

  • Enable detailed logging for all LoginControl plugin authentication events
  • Set up alerting for CPU usage spikes associated with PHP key generation processes
  • Implement geolocation-based anomaly detection for 2FA challenge completions
  • Conduct periodic audits of cryptographic key sizes stored in the application database
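The key-size review in the detection strategies and the periodic audit in the last recommendation can be automated. The Python example below is added here and is not code from SentinelOne or the AVideo project. It assumes the stored PGP public keys are ASCII-armored OpenPGP key blocks (the page does not say how AVideo stores them; keys stored as PEM would need an X.509/PKCS#1 parser instead). It dearmors the block, checks the CRC24 trailer, walks the packet headers, reads the bit length of the RSA modulus from its MPI prefix, and flags anything under 2048 bits. The two sample blocks are constructed by the helper at the bottom from placeholder moduli of the right length and are not real keys.

```python
import base64
import struct

MIN_RSA_BITS = 2048  # the advisory's minimum; NIST SP 800-131A also stops at 2048
RSA_ALGORITHMS = {1: "RSA", 2: "RSA (encrypt-only)", 3: "RSA (sign-only)"}


def crc24(data):
    """OpenPGP armor checksum (RFC 4880, section 6.1)."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF


def dearmor(text):
    """Strip ASCII armor, verify the CRC24 trailer and return the raw packet bytes."""
    data, crc_line, state = [], None, "outside"
    for line in (raw_line.strip() for raw_line in text.splitlines()):
        if state == "outside" and line.startswith("-----BEGIN PGP"):
            state = "headers"  # optional "Version:"-style lines end at a blank line
        elif state == "headers" and line == "":
            state = "data"
        elif state == "data" and line.startswith("-----END PGP"):
            break
        elif state == "data" and line.startswith("="):
            crc_line = line[1:]  # "=XXXX" trailer carries the base64 CRC24
        elif state == "data" and line:
            data.append(line)
    if state != "data":
        raise ValueError("no PGP armor found")
    raw = base64.b64decode("".join(data))
    if crc_line is not None and int.from_bytes(base64.b64decode(crc_line), "big") != crc24(raw):
        raise ValueError("armor CRC mismatch")
    return raw


def packets(raw):
    """Yield (tag, body) for each OpenPGP packet, old- and new-format headers alike."""
    pos = 0
    while pos < len(raw):
        ctb, pos = raw[pos], pos + 1
        if not ctb & 0x80:
            raise ValueError("invalid packet header")
        if ctb & 0x40:  # new-format header: one- or two-octet body length
            tag, first, pos = ctb & 0x3F, raw[pos], pos + 1
            if first < 192:
                length = first
            elif first < 224:
                length, pos = ((first - 192) << 8) + raw[pos] + 192, pos + 1
            else:
                raise ValueError("five-octet and partial body lengths not handled")
        else:  # old-format header: length type in the low two bits
            tag, size = (ctb >> 2) & 0x0F, {0: 1, 1: 2, 2: 4}.get(ctb & 0x03)
            if size is None:  # indeterminate length: body runs to end of data
                length = len(raw) - pos
            else:
                length, pos = int.from_bytes(raw[pos:pos + size], "big"), pos + size
        yield tag, raw[pos:pos + length]
        pos += length


def audit_armored_key(text):
    """Algorithm, modulus size and weak/strong verdict for the primary public key."""
    for tag, body in packets(dearmor(text)):
        if tag != 6:  # 6 = public-key packet (subkeys are tag 14)
            continue
        if body[0] != 4:
            raise ValueError("only v4 keys are handled here")
        algo = body[5]  # follows the version byte and 4-byte creation time
        if algo not in RSA_ALGORITHMS:
            return {"algorithm": f"non-RSA ({algo})", "bits": None, "weak": False}
        n_bits = struct.unpack(">H", body[6:8])[0]  # MPI prefix of n: length in bits
        return {"algorithm": RSA_ALGORITHMS[algo], "bits": n_bits, "weak": n_bits < MIN_RSA_BITS}
    raise ValueError("no public-key packet in block")


def _mpi(value):
    bits = value.bit_length()
    return struct.pack(">H", bits) + value.to_bytes((bits + 7) // 8, "big")


def build_armored_rsa_key(modulus, exponent=65537, created=0):
    """Build and armor a v4 RSA public-key packet; used only to construct test data."""
    body = bytes([4]) + struct.pack(">I", created) + bytes([1]) + _mpi(modulus) + _mpi(exponent)
    header = bytes([0x98, len(body)]) if len(body) < 256 else bytes([0x99]) + struct.pack(">H", len(body))
    packet = header + body
    b64 = base64.b64encode(packet).decode()
    crc = base64.b64encode(crc24(packet).to_bytes(3, "big")).decode()
    return "\n".join(["-----BEGIN PGP PUBLIC KEY BLOCK-----", ""]
                     + [b64[i:i + 64] for i in range(0, len(b64), 64)]
                     + ["=" + crc, "-----END PGP PUBLIC KEY BLOCK-----"])


# Constructed samples: moduli with the right bit length only, not real key material.
WEAK_SAMPLE = build_armored_rsa_key((1 << 511) | 1)   # 512-bit, the vulnerable size
OK_SAMPLE = build_armored_rsa_key((1 << 2047) | 1)    # 2048-bit, the minimum the fix requires
```

Calling `audit_armored_key` on each stored key gives the inventory the advisory asks for: `WEAK_SAMPLE` reports `{'algorithm': 'RSA', 'bits': 512, 'weak': True}` and `OK_SAMPLE` reports 2048 bits and `weak: False`. Any key the auditor marks weak should be invalidated and re-enrolled, as the Workarounds section below describes.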

How to Mitigate CVE-2026-33488

Immediate Actions Required

  • Update WWBN AVideo to a version containing commit 00d979d87f8182095c8150609153a43f834e351e or later
  • Force regeneration of all existing PGP 2FA keys with appropriate key sizes (minimum 2048-bit)
  • Implement authentication requirements for the generateKeys.json.php and encryptMessage.json.php endpoints if running an unpatched version
  • Consider temporarily disabling PGP 2FA until patched, using alternative 2FA methods

Patch Information

The vulnerability has been addressed in commit 00d979d87f8182095c8150609153a43f834e351e. This patch modifies the createKeys() function to generate cryptographically secure RSA key pairs with appropriate key lengths. Organizations running WWBN AVideo should apply this patch immediately by updating to the latest version from the official repository.

For detailed patch information, refer to the GitHub Commit and the GitHub Security Advisory.

Workarounds

  • Restrict access to the LoginControl plugin endpoints via web server configuration (Apache/Nginx rules)
  • Implement rate limiting on key generation endpoints to mitigate resource exhaustion
  • Use network-level access controls to limit who can reach the AVideo administration interfaces
  • Monitor and invalidate existing 512-bit keys, requiring users to re-enroll with secure key generation
```nginx
# Nginx configuration to restrict access to vulnerable endpoints
location ~ ^/plugin/LoginControl/(generateKeys|encryptMessage)\.json\.php$ {
    # Restrict to internal networks (allow/deny is IP-based only; it does not
    # check the application's session)
    allow 10.0.0.0/8;
    allow 192.168.0.0/16;
    deny all;

    # This regex location takes precedence over the site's generic PHP
    # location, so allowed clients still need the PHP handler here (the
    # site's existing fastcgi_pass/include lines); without it nginx would
    # serve the .php file as a static download.

    # Alternatively, disable entirely until patched
    # return 403;
}
```

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

Vulnerability Details

  • Type: Auth Bypass
  • Vendor/Tech: Wwbn Avideo
  • Severity: HIGH
  • CVSS Score: 8.1
  • EPSS Probability: 0.04%
  • Known Exploited: No
  • CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Impact Assessment

  • Confidentiality: High
  • Integrity: None
  • Availability: High

CWE References

  • CWE-326

Vendor Resources

  • GitHub Commit Changes
  • GitHub Security Advisory

Related CVEs

  • CVE-2026-39366: AVideo PayPal Auth Bypass Vulnerability
  • CVE-2026-35179: WWBN AVideo Auth Bypass Vulnerability
  • CVE-2026-34737: Wwbn Avideo Auth Bypass Vulnerability
  • CVE-2026-34738: Wwbn Avideo Auth Bypass Vulnerability
©2026 SentinelOne, All Rights Reserved.
