3 matches found
GHSA-8WJ3-CPMR-8WHP Cockpit Content Platform vulnerable to 2FA bypass
Cockpit Content Platform through version 2.2.1 is vulnerable to a two-factor authentication 2FA bypass. The 2FA secret is disclosed in a JWT token after user logs into their account, allowing an attacker to bypass the 2FA code. A patch is available on the develop branch and is expected to be part...
Cockpit Content Platform vulnerable to 2FA bypass
Cockpit Content Platform through version 2.2.1 is vulnerable to a two-factor authentication 2FA bypass. The 2FA secret is disclosed in a JWT token after user logs into their account, allowing an attacker to bypass the 2FA code. A patch is available on the develop branch and is expected to be part...
2FA Bypass in Cockpit Content Platform ≤ v2.2.1
Description 2FA secret is disclosed in JWT token after user logs into his account in Cockpit Content Platform ≤ v2.2.1 allowing attacker to bypass the 2FA code. Proof of Concept 1.Login with your admin account and enable 2FA in your account and logout. 2.Go to...