1 results (0.004 seconds)

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1

An CSRF issue was discovered in the JN-Jones MyBB-2FA plugin through 2014-11-05 for MyBB. An attacker can forge a request to an installed mybb2fa plugin to control its state via usercp.php?action=mybb2fa&do=deactivate (or usercp.php?action=mybb2fa&do=activate). A deactivate operation lowers the security of the targeted account by disabling two factor authentication. • https://community.mybb.com/thread-162369.html https://seekurity.com/blog/advisories/mybb-two-factor-authentication-extension-vulnerabilities • CWE-352: Cross-Site Request Forgery (CSRF) •