3 matches found
CVE-2025-48012
Summary: CVE-2025-48012 is a capture-replay authentication bypass in the Drupal One Time Password module, affecting versions 0.0.0 up to, but not including, 1.3.0. The root cause is a vulnerability that allows remote services to authenticate with stolen credentials, enabling an attacker to bypass...
CVE-2025-48010
CVE-2025-48010 describes an authentication bypass in the Drupal One Time Password module. Affected versions are 0.0.0 through 1.3.0, where an alternate path or channel could bypass normal authentication, effectively bypassing functionality. The issue is documented across multiple trusted sources ...
CVE-2025-48011
CVE-2025-48011 affects the Drupal One Time Password module. The connected documents specify an authentication bypass in the module, caused by a vulnerability in the Drupal One Time Password implementation that allows bypassing authentication via an alternate path or channel. Affected versions are...