Description
Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Enterprise MFA - TFA for Drupal allows Authentication Bypass.This issue affects Enterprise MFA - TFA for Drupal: from 0.0.0 before 4.8.0, from 5.2.0 before 5.2.1, from 0.0.0 before 5.0.*, from 0.0.0 before 5.1.*.
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
None
Affected products
- Drupal / Enterprise MFA - TFA for Drupal0.0.0 – 4.8.0
- Drupal / Enterprise MFA - TFA for Drupal5.2.0 – 5.2.1
- Drupal / Enterprise MFA - TFA for Drupal0.0.0 – 5.0.*
- Drupal / Enterprise MFA - TFA for Drupal0.0.0 – 5.1.*