6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.004 Low
EPSS
Percentile
74.8%
This module will allow you to add Time-based One-time Password Algorithm (also called “Two Step Authentication” or “Multi-Factor Authentication”) support to user logins.
Users with the permission to use multi-factor authentication need to associate a Google Authenticator token with their acount before they can use the multi-factor authentication for login. If this step is not done or not completed, their accounts can be logged-in to by supplying the username only due to a logic bug in the module’s validation. This means that when an administrator enables the module and grants the permission to use multi-factor authentication all user accounts with that permission can be logged-in to via the username.
Drupal core is not affected. If you do not use the contributed Google Authenticator login module, there is nothing you need to do.
Install the latest version:
Also see the Google Authenticator login project page.