Lucene search
K

5 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 6:25 a.m.8 views

CVE-2024-5657

The CraftCMS plugin Two-Factor Authentication in versions 3.3.1, 3.3.2 and 3.3.3 discloses the password hash of the currently authenticated user after submitting a valid TOTP...

8.1CVSS6.9AI score0.00832EPSS
Exploits1References1
NVD
NVD
added 2024/06/06 11:15 a.m.32 views

CVE-2024-5657

The CraftCMS plugin Two-Factor Authentication in versions 3.3.1, 3.3.2 and 3.3.3 discloses the password hash of the currently authenticated user after submitting a valid TOTP...

8.1CVSS4.2AI score0.00832EPSS
Exploits1References4
Cvelist
Cvelist
added 2024/06/06 10:29 a.m.30 views

CVE-2024-5657 CraftCMS Plugin - Two-Factor Authentication - Password Hash Disclosure

The CraftCMS plugin Two-Factor Authentication in versions 3.3.1, 3.3.2 and 3.3.3 discloses the password hash of the currently authenticated user after submitting a valid TOTP...

3.7CVSS4.2AI score0.00832EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2024/06/06 10:29 a.m.12 views

CVE-2024-5657 CraftCMS Plugin - Two-Factor Authentication - Password Hash Disclosure

The CraftCMS plugin Two-Factor Authentication in versions 3.3.1, 3.3.2 and 3.3.3 discloses the password hash of the currently authenticated user after submitting a valid TOTP...

3.7CVSS6.8AI score0.00832EPSS
Exploits1References4
CVE
CVE
added 2024/06/06 10:29 a.m.59 views

CVE-2024-5657

CVE-2024-5657 affects CraftCMS plugin Two-Factor Authentication (versions 3.3.1–3.3.3). After submitting a valid TOTP, the plugin discloses the password hash of the currently authenticated user in server responses. Root cause: improper handling/exposure of password hashes within normal responses....

8.1CVSS5.9AI score0.00832EPSS
Exploits1References4Affected Software1
Rows per page
Query Builder