Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

GSA_kwCzR0hTQS0zcDR4LWdycG0teHc1OM4AA8wD

Low EPSS: 0.00205% (0.42905 Percentile) EPSS:
Permalink JSON

Password hash exposed in CraftCMS two factor authentication plugin

Affected Packages Affected Versions Fixed Versions
packagist:born05/craft-twofactorauthentication >= 3.3.1, < 3.3.4 3.3.4
1 Dependent packages
1 Dependent repositories
96,803 Downloads total

Affected Version Ranges

All affected versions

3.3.1, 3.3.2, 3.3.3

All unaffected versions

0.0.1, 0.0.2, 0.0.3, 0.0.4, 0.0.5, 0.0.6, 1.0.0, 1.0.1, 1.1.0, 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.1.2, 2.2.0, 2.3.0, 2.4.0, 2.5.0, 2.6.0, 2.6.1, 2.6.2, 2.6.3, 2.7.0, 2.7.1, 2.7.2, 2.7.3, 2.7.4, 2.8.0, 2.8.1, 2.9.0, 2.10.0, 2.10.1, 2.11.0, 2.11.1, 3.0.0, 3.0.1, 3.1.0, 3.2.0, 3.2.1, 3.3.0, 3.3.4, 3.3.5, 3.3.6, 3.3.7, 3.4.0

The CraftCMS plugin Two-Factor Authentication in versions 3.3.1, 3.3.2 and 3.3.3 discloses the password hash of the currently authenticated user after submitting a valid TOTP.

References:

Identifiers

GHSA-3p4x-grpm-xw58

CVE-2024-5657

Risk

Severity

Low

EPSS

EPSS Percentage: 0.00205

EPSS Percentile: 0.42905

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/born05/craft-twofactorauthentication

Date and time

Published

about 1 year ago

Updated

about 1 year ago

API

JSON