Base Score

MEDIUM6.5

CVE-2024-5658

The CraftCMS plugin Two-Factor Authentication through 3.3.3 allows reuse of TOTP tokens multiple times within the validity period.

VectorNETWORK

Published By1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a

Published DateJun 06, 2024, 11:15

Affected Versions(1)

born05/craft-twofactorauthentication(Packagist)

Introduced0

Fixed3.3.4

LimitN/A

Package (Ecosystem)	Introduced	Fixed	Limit
born05/craft-twofactorauthentication(Packagist)	0	3.3.4	N/A

Weakness Type (CWE):CWE-287

CVSS Metrics

Base Score

6.5

Vector String

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Base Severity

MEDIUM

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

LOW

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

NONE

Integrity (I)

HIGH

Availability (A)

NONE

References

Base Score

MEDIUM6.5

Weakness Type (CWE):CWE-287

CVSS Metrics

Base Score

6.5

Vector String

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Base Severity

MEDIUM

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

LOW

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

NONE

Integrity (I)

HIGH

Availability (A)

NONE