Products
Two-Factor Authentication plugin for CraftCMS
- up to 3.3.3
CraftCMS plugin Two-Factor Authentication
- through 3.3.3
Source
1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a
Tags
CVE-2024-5658 details
Published : June 6, 2024, 11:15 a.m.
Last Modified : June 6, 2024, 2:17 p.m.
Last Modified : June 6, 2024, 2:17 p.m.
Description
The CraftCMS plugin Two-Factor Authentication through 3.3.3 allows reuse of TOTP tokens multiple times within the validity period.
CVSS Score
1 | 2 | 3 | 4.8 | 5 | 6 | 7 | 8 | 9 | 10 |
---|
Weakness
Weakness | Name | Description |
---|
CVSS Data
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
Base Score
4.8
Exploitability Score
Impact Score
Base Severity
MEDIUM
Vector String : CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N
References
URL | Source |
---|---|
https://github.com/born05/craft-twofactorauthentication/releases/tag/3.3.4 | 1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a |
https://github.com/sbaresearch/advisories/tree/public/2024/SBA-ADV-20240202-02_CraftCMS_Plugin_Two-Factor_Authentication_TOTP_Valid_After_Use | 1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a |
https://plugins.craftcms.com/two-factor-authentication?craft4 | 1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a |
This website uses the NVD API, but is not approved or certified by it.