Main Vulnerability Database Vulnerabilities #VU105370

Improper access control in Two-factor Authentication (TFA) - #VU105370

Published: March 6, 2025

Vulnerability identifier: #VU105370

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: N/A

CWE-ID: CWE-284

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: coltrane

Affected software:
Two-factor Authentication (TFA)

Detailed vulnerability description

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to the affected module does not sufficiently ensure that known login routes are not overridden by third-party modules. A remote attacker can bypass implemented security restrictions and gain unauthorized access to the application.

Remediation

Install updates from vendor's website.

Sources

https://www.drupal.org/sa-contrib-2025-023

Improper access control in Two-factor Authentication (TFA) - #VU105370

Detailed vulnerability description

Remediation

Sources

Please verify you're human