GitHub Advisory Database: GHSA-H6MP-MC7G-MG49
History: May 21, 2024 - 6:16 p.m.

scheb/two-factor-bundle bypass two-factor authentication with unverified JWT trusted device token

2024-05-21 18:16:24
CWE-287
Source: GitHub Advisory Database (github.com)
Tags: scheb/two-factor-bundle, vulnerability, bypass, two-factor authentication, unverified jwt, trusted device token, software

AI Score: 6.9 Medium (Confidence: Low)

Before version 3.7, the bundle is vulnerable to a security issue in JWT that an attacker can exploit to generate trusted device cookies on their own, effectively bypassing two-factor authentication.

Affected configurations

Vulners
Node: scheb two-factor-bundle, Range: <3.7.0

CPE Name | Operator | Version
scheb/two-factor-bundle | lt | 3.7.0
