CRITICAL🇵🇱 Wersja polska

CVE-2024-13239

CVSS 9.8v3.1pub. 2025-01-09upd. 2025-06-04

Weak Authentication vulnerability in Drupal Two-factor Authentication (TFA) allows Authentication Abuse.This issue affects Two-factor Authentication (TFA): from 0.0.0 before 1.5.0.

🤖 AI Analysis
How it works

The vulnerability results from improper implementation of the two-factor authentication mechanism in the TFA module. The flaw allows an attacker to bypass or abuse the second authentication factor verification process. Due to the network vector (AV:N), lack of required privileges (PR:N), and lack of user interaction (UI:N), the attack can be conducted remotely without any preconditions.

Impact

An attacker can gain unauthorized access to user accounts protected by the TFA mechanism, effectively bypassing two-factor authentication security. Potential violations of confidentiality, integrity, and availability of data (all three indicators rated as HIGH).

Mitigation & patch

The Two-Factor Authentication (TFA) module should be updated to version 1.5.0 or newer. Detailed information is available in the official Drupal security advisory at https://www.drupal.org/sa-contrib-2024-003.

Who is affected

Two-Factor Authentication (TFA) module for Drupal in versions from 0.0.0 to 1.5.0 (version 1.5.0 is not affected by the vulnerability).

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Two Factor Authentication Project Two Factor Authentication

    APP
    Two-Factor Authentication Project
    < 8.x-1.5
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2024-13279CRITICAL9.8PL ✓ten sam produkt

Session Fixation w module Drupal Two-Factor Authentication (TFA)

CVE-2025-31694HIGH8.1ten sam produkt

Incorrect Authorization vulnerability in Drupal Two-factor Authentication (TFA) allows Forceful Browsing.This ...

CVE-2025-7030MEDIUM6.5ten sam produkt

Privilege Defined With Unsafe Actions vulnerability in Drupal Two-factor Authentication (TFA) allows Exploitin...