Incorrect Implementation of Authentication Algorithm
CVE-2024-5658
Summary
The CraftCMS plugin Two-Factor Authentication through 3.3.3 allows a TOTP token to be reused multiple times within its validity period.
- HIGH
- NETWORK
- HIGH
- UNCHANGED
- REQUIRED
- LOW
- NONE
- NONE
CWE-303 - Incorrect Implementation of Authentication Algorithm
The requirements for the software dictate the use of an established authentication algorithm, but the implementation of the algorithm is incorrect.
References
Advisory Timeline
- Published