Password Hash Disclosure
born05/craft-twofactorauthentication is vulnerable to Password Hash Disclosure. The vulnerability is due to the improper handling of password hashes, which are exposed in server responses after a valid TOTP submission. Attackers can exploit this by controlling a user's session to obtain the...