Authentication Bypass
scheb/two-factor-bundle is vulnerable to authentication bypass. The vulnerability exists as the JwtTokenEncoder does not properly verify the validity of the JWT token, allowing an attacker to generate trusted device cookies and bypass the two-factor authentication...