Back

CVE-2024-5658

June 6, 2024, 2:17 p.m.

Awaiting Analysis
CVE has been recently published to the CVE List and has been received by the NVD.

Products

Two-Factor Authentication plugin for CraftCMS

  • up to 3.3.3

CraftCMS plugin Two-Factor Authentication

  • through 3.3.3

Source

1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a

Tags

CWE-287
2024-06-06
1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a
CVE-2024-5658

CVE-2024-5658 details

Published : June 6, 2024, 11:15 a.m.
Last Modified : June 6, 2024, 2:17 p.m.

Description

The CraftCMS plugin Two-Factor Authentication through 3.3.3 allows reuse of TOTP tokens multiple times within the validity period.

CVSS Score

1 2 3 4.8 5 6 7 8 9 10

Weakness

Weakness Name Description

CVSS Data

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

Base Score

4.8

Exploitability Score

Impact Score

Base Severity

MEDIUM

Vector String : CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N

References

URL Source
https://github.com/born05/craft-twofactorauthentication/releases/tag/3.3.4 1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a
https://github.com/sbaresearch/advisories/tree/public/2024/SBA-ADV-20240202-02_CraftCMS_Plugin_Two-Factor_Authentication_TOTP_Valid_After_Use 1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a
https://plugins.craftcms.com/two-factor-authentication?craft4 1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a
This website uses the NVD API, but is not approved or certified by it.