Before version 3.7 the bundle is vulnerable to a security issue in JWT, which can be exploited by an attacker to generate trusted device cookies on their own, effectively by-passing two-factor authentication.
CPE | Name | Operator | Version |
---|---|---|---|
scheb/two-factor-bundle | lt | 3.7.0 |