2 results (0.005 seconds)

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 2

The CraftCMS plugin Two-Factor Authentication through 3.3.3 allows reuse of TOTP tokens multiple times within the validity period. El complemento CraftCMS Autenticación de dos factores hasta 3.3.3 permite la reutilización de tokens TOTP varias veces dentro del período de validez. • http://www.openwall.com/lists/oss-security/2024/06/06/2 https://github.com/born05/craft-twofactorauthentication/releases/tag/3.3.4 https://github.com/sbaresearch/advisories/tree/public/2024/SBA-ADV-20240202-02_CraftCMS_Plugin_Two-Factor_Authentication_TOTP_Valid_After_Use https://plugins.craftcms.com/two-factor-authentication?craft4 • CWE-287: Improper Authentication •

CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 2

The CraftCMS plugin Two-Factor Authentication in versions 3.3.1, 3.3.2 and 3.3.3 discloses the password hash of the currently authenticated user after submitting a valid TOTP. El complemento CraftCMS Autenticación de dos factores en las versiones 3.3.1, 3.3.2 y 3.3.3 revela el hash de contraseña del usuario actualmente autenticado después de enviar un TOTP válido. • http://www.openwall.com/lists/oss-security/2024/06/06/1 https://github.com/born05/craft-twofactorauthentication/releases/tag/3.3.4 https://github.com/sbaresearch/advisories/tree/public/2024/SBA-ADV-20240202-01_CraftCMS_Plugin_Two-Factor_Authentication_Password_Hash_Disclosure https://plugins.craftcms.com/two-factor-authentication?craft4 • CWE-522: Insufficiently Protected Credentials •