CVE-2023-49949

Passwork before 6.2.0 allows remote authenticated users to bypass 2FA by sending all one million of the possible 6-digit codes...

CVE-2023-49949

Passwork before 6.2.0 contains a vulnerability in the authorization procedure that allows a remote authenticated user to bypass two‑fact‑authentication (2FA) by brute‑forcing a one‑time six‑digit code. Affected software is Passwork prior to 6.2.0 . The issue arises from weaknesses in the 2FA work...