Born05: >> Two-Factor Authentication >> 3.3.2 Security Vulnerabilities
The CraftCMS plugin Two-Factor Authentication in versions 3.3.1, 3.3.2 and 3.3.3 discloses the password hash of the currently authenticated user after submitting a valid TOTP.
CVSS Score
3.7
EPSS Score
0.001
Published
2024-06-06
The CraftCMS plugin Two-Factor Authentication through 3.3.3 allows reuse of TOTP tokens multiple times within the validity period.
CVSS Score
4.8
EPSS Score
0.001
Published
2024-06-06