5 matches found
CVE-2024-5657
The CraftCMS plugin Two-Factor Authentication in versions 3.3.1, 3.3.2 and 3.3.3 discloses the password hash of the currently authenticated user after submitting a valid TOTP...
CVE-2024-5657
The CraftCMS plugin Two-Factor Authentication in versions 3.3.1, 3.3.2 and 3.3.3 discloses the password hash of the currently authenticated user after submitting a valid TOTP...
CVE-2024-5657 CraftCMS Plugin - Two-Factor Authentication - Password Hash Disclosure
The CraftCMS plugin Two-Factor Authentication in versions 3.3.1, 3.3.2 and 3.3.3 discloses the password hash of the currently authenticated user after submitting a valid TOTP...
CVE-2024-5657 CraftCMS Plugin - Two-Factor Authentication - Password Hash Disclosure
The CraftCMS plugin Two-Factor Authentication in versions 3.3.1, 3.3.2 and 3.3.3 discloses the password hash of the currently authenticated user after submitting a valid TOTP...
CVE-2024-5657
CVE-2024-5657 affects CraftCMS plugin Two-Factor Authentication (versions 3.3.1–3.3.3). After submitting a valid TOTP, the plugin discloses the password hash of the currently authenticated user in server responses. Root cause: improper handling/exposure of password hashes within normal responses....