5 matches found
CVE-2022-42731
mfa/FIDO2.py in django-mfa2 before 2.5.1 and 2.6.x before 2.6.1 allows a replay attack that could be used to register another device for a user. The device registration challenge is not invalidated after usage...
CVE-2022-42731
mfa/FIDO2.py in django-mfa2 before 2.5.1 and 2.6.x before 2.6.1 allows a replay attack that could be used to register another device for a user. The device registration challenge is not invalidated after usage...
CVE-2022-42731
mfa/FIDO2.py in django-mfa2 before 2.5.1 and 2.6.x before 2.6.1 allows a replay attack that could be used to register another device for a user. The device registration challenge is not invalidated after usage...
CVE-2022-42731
CVE-2022-42731 affects django-mfa2, specifically the mfa/FIDO2.py component. The vulnerability is a replay attack where the device registration challenge is not invalidated after use, enabling an attacker to register another device for a user. Affected versions are before 2.5.1 and 2.6.x before 2...
CVE-2022-42731
mfa/FIDO2.py in django-mfa2 before 2.5.1 and 2.6.x before 2.6.1 allows a replay attack that could be used to register another device for a user. The device registration challenge is not invalidated after usage...