Packagist (Composer) package
born05/craft-twofactorauthentication
pkg:composer/born05/craft-twofactorauthentication
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-5658 | — | < 3.3.4 | 3.3.4 | Jun 6, 2024 | The CraftCMS plugin Two-Factor Authentication through 3.3.3 allows reuse of TOTP tokens multiple times within the validity period. | ||
| CVE-2024-5657 | — | >= 3.3.1, < 3.3.4 | 3.3.4 | Jun 6, 2024 | The CraftCMS plugin Two-Factor Authentication in versions 3.3.1, 3.3.2 and 3.3.3 discloses the password hash of the currently authenticated user after submitting a valid TOTP. |
- CVE-2024-5658Jun 6, 2024affected < 3.3.4fixed 3.3.4
The CraftCMS plugin Two-Factor Authentication through 3.3.3 allows reuse of TOTP tokens multiple times within the validity period.
- CVE-2024-5657Jun 6, 2024affected >= 3.3.1, < 3.3.4fixed 3.3.4
The CraftCMS plugin Two-Factor Authentication in versions 3.3.1, 3.3.2 and 3.3.3 discloses the password hash of the currently authenticated user after submitting a valid TOTP.