CVE-2024-5658

June 6, 2024, 2:17 p.m.

4.8

Medium

Description

The CraftCMS plugin Two-Factor Authentication through 3.3.3 allows reuse of TOTP tokens multiple times within the validity period.

Product(s) Impacted

Product	Versions
Two-Factor Authentication plugin for CraftCMS	up to 3.3.3
CraftCMS plugin Two-Factor Authentication	through 3.3.3

Weaknesses

Common security weaknesses mapped to this vulnerability.

References

https://github.com/born05/craft-twofactorauthentication/releases/tag/3.3.4

https://github.com/sbaresearch/advisories/tree/public/2024/SBA-ADV-20240202-02_CraftCMS_Plugin_Two-Factor_Authentication_TOTP_Valid_After_Use

https://plugins.craftcms.com/two-factor-authentication?craft4

Tags

CWE-287

2024-06-06

1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a

CVE-2024-5658

CVSS Score

4.8 / 10

CVSS Data - 3.1

Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: LOW
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N

View Vector String

Timeline

Published: June 6, 2024, 11:15 a.m.
Last Modified: June 6, 2024, 2:17 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.