Advisories for Composer/Born05/Craft-Twofactorauthentication package

2024

Password hash exposed in CraftCMS two factor authentication plugin

The CraftCMS plugin Two-Factor Authentication in versions 3.3.1, 3.3.2 and 3.3.3 discloses the password hash of the currently authenticated user after submitting a valid TOTP.

Improper Authentication in CraftCMS two factor authentication plugin

The CraftCMS plugin Two-Factor Authentication through 3.3.3 allows reuse of TOTP tokens multiple times within the validity period.