CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 2CVE-2024-5658 – CraftCMS Plugin - Two-Factor Authentication - TOTP Token Stays Valid After Use
https://notcve.org/view.php?id=CVE-2024-5658
The CraftCMS plugin Two-Factor Authentication through 3.3.3 allows reuse of TOTP tokens multiple times within the validity period. El complemento CraftCMS Autenticación de dos factores hasta 3.3.3 permite la reutilización de tokens TOTP varias veces dentro del período de validez. • http://www.openwall.com/lists/oss-security/2024/06/06/2 https://github.com/born05/craft-twofactorauthentication/releases/tag/3.3.4 https://github.com/sbaresearch/advisories/tree/public/2024/SBA-ADV-20240202-02_CraftCMS_Plugin_Two-Factor_Authentication_TOTP_Valid_After_Use https://plugins.craftcms.com/two-factor-authentication?craft4 • CWE-287: Improper Authentication •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 2CVE-2024-5657 – CraftCMS Plugin - Two-Factor Authentication - Password Hash Disclosure
https://notcve.org/view.php?id=CVE-2024-5657
The CraftCMS plugin Two-Factor Authentication in versions 3.3.1, 3.3.2 and 3.3.3 discloses the password hash of the currently authenticated user after submitting a valid TOTP. El complemento CraftCMS Autenticación de dos factores en las versiones 3.3.1, 3.3.2 y 3.3.3 revela el hash de contraseña del usuario actualmente autenticado después de enviar un TOTP válido. • http://www.openwall.com/lists/oss-security/2024/06/06/1 https://github.com/born05/craft-twofactorauthentication/releases/tag/3.3.4 https://github.com/sbaresearch/advisories/tree/public/2024/SBA-ADV-20240202-01_CraftCMS_Plugin_Two-Factor_Authentication_Password_Hash_Disclosure https://plugins.craftcms.com/two-factor-authentication?craft4 • CWE-522: Insufficiently Protected Credentials •