CVE-2024-5657
Published
CVSS v3
3.7
LOW
CVSS v2
N/A
Affected
2
PROJECTS
Description
The CraftCMS plugin Two-Factor Authentication in versions 3.3.1, 3.3.2 and 3.3.3 discloses the password hash of the currently authenticated user after submitting a valid TOTP.
Craft plugin for two-factor or two-step login using Time Based OTP.
GitHub