GSA_kwCzR0hTQS05NnFtLWh3aHAtMnJtOM4AA8wB

Moderate EPSS: 0.00153% (0.36733 Percentile) EPSS:

Permalink JSON

Improper Authentication in CraftCMS two factor authentication plugin

Affected Packages	Affected Versions	Fixed Versions
packagist:born05/craft-twofactorauthentication	< 3.3.4	3.3.4
1 Dependent packages 1 Dependent repositories 96,803 Downloads total Affected Version Ranges All affected versions 0.0.1, 0.0.2, 0.0.3, 0.0.4, 0.0.5, 0.0.6, 1.0.0, 1.0.1, 1.1.0, 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.1.2, 2.2.0, 2.3.0, 2.4.0, 2.5.0, 2.6.0, 2.6.1, 2.6.2, 2.6.3, 2.7.0, 2.7.1, 2.7.2, 2.7.3, 2.7.4, 2.8.0, 2.8.1, 2.9.0, 2.10.0, 2.10.1, 2.11.0, 2.11.1, 3.0.0, 3.0.1, 3.1.0, 3.2.0, 3.2.1, 3.3.0, 3.3.1, 3.3.2, 3.3.3 All unaffected versions 3.3.4, 3.3.5, 3.3.6, 3.3.7, 3.4.0

The CraftCMS plugin Two-Factor Authentication through 3.3.3 allows reuse of TOTP tokens multiple times within the validity period.

References:

Identifiers

GHSA-96qm-hwhp-2rm8

CVE-2024-5658

Risk

Severity

Moderate

EPSS

EPSS Percentage: 0.00153

EPSS Percentile: 0.36733

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/born05/craft-twofactorauthentication

Date and time

Published

about 1 year ago

Updated

about 1 year ago

API

JSON

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Advisories