mkalioby/django-mfa2

Releases37

Frequency2 months 1 week

Last Release about 2 months ago

Stars340

A Django app that handles MFA, it supports TOTP, U2F, FIDO2 U2F (Webauthn), Email Token and Trusted Devices

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2022-42731 ↗	Oct 11, 2022Tuesday, 11 October 2022, 14:15	7.5 HIGH	—
mfa/FIDO2.py in django-mfa2 before 2.5.1 and 2.6.x before 2.6.1 allows a replay attack that could be used to register another device for a user. The device registration challenge is not invalidated after usage.