CVE-2025-31694

High CVSS: 8.1

Incorrect Authorization vulnerability in Drupal Two-factor Authentication (TFA) allows Forceful Browsing.This issue affects Two-factor Authentication (TFA): from 0.0.0 before 1.10.0.

Vendor

Two-factor Authentication Project

Product

Two-factor Authentication

CWE

CWE-288

Yayın Tarihi

2025-03-31 22:15:22

Güncelleme

2025-09-02 18:35:00

Source Identifier

mlhess@drupal.org

KEV Date Added

Kategoriler

CWE-288 Two-factor Authentication HIGH Two-factor Authentication Project 2025

Referanslar

https://www.drupal.org/sa-contrib-2025-023

Benzer Kayıtlar

Medium

CVE-2025-7030

Privilege Defined With Unsafe Actions vulnerability in Drupal Two-factor Authentication (TFA) allows Exploiting Incorrec…

Critical

CVE-2024-13279

Session Fixation vulnerability in Drupal Two-factor Authentication (TFA) allows Session Fixation.This issue affects Two-…

Critical

CVE-2024-13239

Weak Authentication vulnerability in Drupal Two-factor Authentication (TFA) allows Authentication Abuse.This issue affec…