Lucene search
GoogleOSV:PYSEC-2022-303HistoryOct 11, 2022 - 2:15 p.m.
PYSEC-2022-303
2022-10-1114:15:00
Google
osv.dev
6
django-mfa2
fido2
replay attack
device registration
software
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS
0.001
Percentile
34.6%
mfa/FIDO2.py in django-mfa2 before 2.5.1 and 2.6.x before 2.6.1 allows a replay attack that could be used to register another device for a user. The device registration challenge is not invalidated after usage.
Related
github
github
django-mfa2 vulnerable to MFA Replay attack
2022-10-11 19:00:29
cve
cve
CVE-2022-42731
2022-10-11 14:15:10
osv
osv
CVE-2022-42731
2022-10-11 14:15:10
django-mfa2 vulnerable to MFA Replay attack
2022-10-11 19:00:29
nvd
nvd
CVE-2022-42731
2022-10-11 14:15:10
cvelist
cvelist
CVE-2022-42731
2022-10-11 00:00:00
prion
prion
Design/Logic Flaw
2022-10-11 14:15:00
veracode
veracode
Replay Attack
2022-10-12 10:39:08
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS
0.001
Percentile
34.6%
Related for OSV:PYSEC-2022-303