PT-2025-2094 · Drupal · Drupal
Conrad Lara +3 · Published 2024-10-02 · Updated 2025-01-10 · CVE-2024-13279
CVSS v2.0: 10 (Critical)
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Drupal Two-factor Authentication (TFA) versions 0.0.0 through 1.8.0
Description
Incorrect session management in the Two-factor Authentication (TFA) module for the Drupal CMS allows session fixation, which can let a remote attacker hijack a user's session.
Recommendations
For versions 0.0.0 through 1.8.0, update to a version that contains a fix for this issue.
As a temporary workaround, consider restricting access to the TFA module to minimize the risk of exploitation.
Fix
Session Fixation
Weakness Enumeration
Related Identifiers
Affected Products
Drupal