11 matches found
CVE-2022-42731
mfa/FIDO2.py in django-mfa2 before 2.5.1 and 2.6.x before 2.6.1 allows a replay attack that could be used to register another device for a user. The device registration challenge is not invalidated after usage...
CVE-2022-42731
mfa/FIDO2.py in django-mfa2 before 2.5.1 and 2.6.x before 2.6.1 allows a replay attack that could be used to register another device for a user. The device registration challenge is not invalidated after usage...
CVE-2022-42731
mfa/FIDO2.py in django-mfa2 before 2.5.1 and 2.6.x before 2.6.1 allows a replay attack that could be used to register another device for a user. The device registration challenge is not invalidated after usage...
PYSEC-2022-303
mfa/FIDO2.py in django-mfa2 before 2.5.1 and 2.6.x before 2.6.1 allows a replay attack that could be used to register another device for a user. The device registration challenge is not invalidated after usage...
PYSEC-2022-303
mfa/FIDO2.py in django-mfa2 before 2.5.1 and 2.6.x before 2.6.1 allows a replay attack that could be used to register another device for a user. The device registration challenge is not invalidated after usage...
Design/Logic Flaw
mfa/FIDO2.py in django-mfa2 before 2.5.1 and 2.6.x before 2.6.1 allows a replay attack that could be used to register another device for a user. The device registration challenge is not invalidated after usage...
CVE-2022-42731
CVE-2022-42731 affects django-mfa2, specifically the mfa/FIDO2.py component. The vulnerability is a replay attack where the device registration challenge is not invalidated after use, enabling an attacker to register another device for a user. Affected versions are before 2.5.1 and 2.6.x before 2...
PT-2022-26522 · Unknown · Django-Mfa2
Name of the Vulnerable Software and Affected Versions: django-mfa2 versions 2.5.0 through 2.5.1 django-mfa2 versions 2.6.0 through 2.6.0 Description: The issue allows a replay attack that could be used to register another device for a user. The device registration challenge is not invalidated aft...
django-mfa2 安全漏洞
django-mfa2 is a Django application that handles MFA by Mohamed El-Kalioby Personal Developer. Supports TOTP, U2F, FIDO2 U2F Webauthn, email tokens and trusted devices. A security vulnerability exists in django-mfa2 versions prior to 2.5.1, and 2.6.x versions prior to 2.6.1, which stems from a...
CVE-2022-42731
mfa/FIDO2.py in django-mfa2 before 2.5.1 and 2.6.x before 2.6.1 allows a replay attack that could be used to register another device for a user. The device registration challenge is not invalidated after usage...
CVE-2022-42731
mfa/FIDO2.py in django-mfa2 before 2.5.1 and 2.6.x before 2.6.1 allows a replay attack that could be used to register another device for a user. The device registration challenge is not invalidated after usage...