GoogleOSV:GHSA-3P4X-GRPM-XW58Password hash exposed in CraftCMS two factor authentication plugin
8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
4.3 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
30.4%
The CraftCMS plugin Two-Factor Authentication in versions 3.3.1, 3.3.2 and 3.3.3 discloses the password hash of the currently authenticated user after submitting a valid TOTP.
References
www.openwall.com/lists/oss-security/2024/06/06/1
github.com/born05/craft-twofactorauthentication
github.com/born05/craft-twofactorauthentication/commit/eb93bcb73037171dae8ca5cfa4c20e7e5748b73a
github.com/born05/craft-twofactorauthentication/releases/tag/3.3.4
github.com/sbaresearch/advisories/tree/public/2024/SBA-ADV-20240202-01_CraftCMS_Plugin_Two-Factor_Authentication_Password_Hash_Disclosure
nvd.nist.gov/vuln/detail/CVE-2024-5657
plugins.craftcms.com/two-factor-authentication?craft4
Related
8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
4.3 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
30.4%