CVE-2025-12760

Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Email TFA allows Functionality Bypass.This issue affects Email TFA: from 0.0.0 before 2.0.6...

CVE-2025-12760 Email TFA - Moderately critical - Access bypass - SA-CONTRIB-2025-115

Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Email TFA allows Functionality Bypass.This issue affects Email TFA: from 0.0.0 before 2.0.6...

CVE-2025-31676

Weak Authentication vulnerability in Drupal Email TFA allows Brute Force.This issue affects Email TFA: from 0.0.0 before 2.0.3...

CVE-2025-31676

Drupal Email TFA (Drupal Email TFA module) is affected by a weak authentication vulnerability that enables brute-force attempts against the email-based second factor. The issue affects versions 0.0.0 through 2.0.2 and can allow bypass of the second factor, with exploitation described as a brute-f...

PT-2025-13840 · Drupal · Drupal Email Tfa

Name of the Vulnerable Software and Affected Versions: Drupal Email TFA versions 0.0.0 through 2.0.2 Description: The issue is related to weak authentication in Drupal Email TFA, allowing brute force attacks. Recommendations: For versions 0.0.0 through 2.0.2, update to version 2.0.3 or later to...

Drupal Email TFA 安全漏洞

Drupal Email TFA is a Drupal community module that provides email-based two-factor authentication functionality for Drupal. A security vulnerability exists in Drupal Email TFA versions prior to 2.0.3, which stems from weak authentication and could lead to brute force exploits...