Two-factor Authentication (TFA) - Critical - Access bypass - SA-CONTRIB-2023-030

This module enables you to allow and/or require users to use a second authentication method in addition to password authentication. The module doesn't sufficiently ensure all core login routes, including the password reset page, require a second factor credential. This vulnerability is mitigated ...