Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
9.1
Deutsche Telekom's Account Management Portal allows unlimited login attempts
CVE-2025-69615
Summary
The Deutsche Telekom Account Management Portal had a security flaw that allowed hackers to try guessing passwords without being blocked, even if two-factor authentication (2FA) was enabled. This made it easier for attackers to gain unauthorized access to accounts. Deutsche Telekom fixed this issue on November 3, 2025, and users should update their portal to the latest version.
Original title
Incorrect Access Control via missing 2FA rate-limiting allowing unlimited brute-force retries and full MFA bypass with no user interaction required. Affected Product: Deutsche Telekom AG Telekom Ac...
Original description
Incorrect Access Control via missing 2FA rate-limiting allowing unlimited brute-force retries and full MFA bypass with no user interaction required. Affected Product: Deutsche Telekom AG Telekom Account Management Portal, versions before 2025-10-24, fixed 2025-11-03.
nvd CVSS3.1
9.1
Vulnerability type
CWE-307
Published: 10 Mar 2026 · Updated: 13 Mar 2026 · First seen: 11 Mar 2026