CVE-2024-41800

Craft CMS Allows TOTP Token To Stay Valid After Use

Severity Score

4.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track*

*SSVC

Descriptions

Craft is a content management system (CMS). Craft CMS 5 allows reuse of TOTP tokens multiple times within the validity period. An attacker is able to re-submit a valid TOTP token to establish an authenticated session. This requires that the attacker has knowledge of the victim's credentials. This has been patched in Craft 5.2.3.

*Credits: N/A

CVSS Scores

GitHubv3.1 4.8

Attack Vector

Network

Attack Complexity

High

Privileges Required

Low

User Interaction

Required

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:Track*

Exploitation

Poc

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-07-22 CVE Reserved
2024-07-25 CVE Published
2024-08-02 CVE Updated
2024-08-27 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-287: Improper Authentication

CAPEC

References (4)

URL	Tag	Source
https://github.com/craftcms/cms/commit/7c790fa5ad5a8cb8016cb6793ec3554c4c079e38	X_refsource_misc
https://github.com/craftcms/cms/releases/tag/5.2.3	X_refsource_misc
https://github.com/craftcms/cms/security/advisories/GHSA-wmx7-pw49-88jx	X_refsource_confirm
https://github.com/sbaresearch/advisories/tree/public/2024/SBA-ADV-20240617-01_CraftCMS_TOTP_Valid_After_Use	X_refsource_misc

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Craftcms Search vendor "Craftcms"		Cms Search vendor "Craftcms" for product "Cms"				>= 5.0.0 < 5.2.3 Search vendor "Craftcms" for product "Cms" and version " >= 5.0.0 < 5.2.3"		en		Affected