Conrad Lara

An access bypass vulnerability in Drupal TFA Basic Plugins allows users with the administer users permission to view or generate recovery codes for other users. This issue affects TFA Basic Plugins: from 7.x-1.0 through 7.x-1.2.

Name of the Vulnerable Software and Affected Versions: Drupal Two-factor Authentication (TFA) versions 0.0.0 through 1.10.0 Description: The issue affects the two-factor authentication (TFA) mechanism, allowing exploitation of incorrectly configured access control security levels due to a privilege defined with unsafe actions. Recommendations: For versions 0.0.0 through 1.10.0, update to version 1.11.0 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: Enterprise MFA - TFA for Drupal versions 0.0.0 through 4.8.0 Enterprise MFA - TFA for Drupal versions 5.2.0 through 5.2.0 Enterprise MFA - TFA for Drupal versions 0.0.0 through 5.0.* Enterprise MFA - TFA for Drupal versions 0.0.0 through 5.1.* Description: The issue affects the Enterprise MFA - TFA for Drupal module, allowing authentication bypass using an alternate path or channel. This is due to the module not sufficiently ensuring that known authorization routes are protected. Recommendations: For versions 0.0.0 through 4.8.0, update to version 4.8.0 or later. For version 5.2.0, update to version 5.2.1 or later. For versions 0.0.0 through 5.0.*, update to version 5.0.* or later. For versions 0.0.0 through 5.1.*, update to version 5.1.* or later. As a temporary workaround, consider restricting access to known authorization routes to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Drupal One Time Password versions 0.0.0 through 1.3.0 **Description** The issue is related to an Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal One Time Password, allowing functionality bypass. **Recommendations** For versions 0.0.0 through 1.3.0, update to version 1.3.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Drupal One Time Password versions 0.0.0 through 1.3.0 **Description** The issue is related to an Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal One Time Password, allowing functionality bypass. **Recommendations** For versions 0.0.0 through 1.3.0, update to version 1.3.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** One Time Password versions 0.0.0 through 1.3.0 **Description** The issue is related to an Authentication Bypass by Capture-replay vulnerability in Drupal One Time Password, allowing remote services with stolen credentials. **Recommendations** For One Time Password versions 0.0.0 through 1.3.0, update to version 1.3.0 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: Enterprise MFA - TFA for Drupal versions 0.0.0 through 4.6.x Enterprise MFA - TFA for Drupal versions 5.0.0 through 5.1.x Description: The issue is related to an Authentication Bypass Using an Alternate Path or Channel vulnerability in Enterprise MFA - TFA for Drupal, allowing authentication bypass. Recommendations: For Enterprise MFA - TFA for Drupal versions 0.0.0 through 4.6.x, update to version 4.7.0 or later. For Enterprise MFA - TFA for Drupal versions 5.0.0 through 5.1.x, update to version 5.2.0 or later.

Name of the Vulnerable Software and Affected Versions: Enterprise MFA - TFA for Drupal versions 0.0.0 through 4.6.x Enterprise MFA - TFA for Drupal versions 5.0.0 through 5.1.x Description: The issue is related to an Authentication Bypass by Capture-replay vulnerability in Enterprise MFA - TFA for Drupal. This allows remote services to be accessed with stolen credentials. Recommendations: For Enterprise MFA - TFA for Drupal versions 0.0.0 through 4.6.x, update to version 4.7.0 or later. For Enterprise MFA - TFA for Drupal versions 5.0.0 through 5.1.x, update to version 5.2.0 or later.

Name of the Vulnerable Software and Affected Versions: Enterprise MFA - TFA for Drupal versions 0.0.0 through 4.6.x Enterprise MFA - TFA for Drupal versions 5.0.0 through 5.1.x Description: The issue is related to an Authentication Bypass Using an Alternate Path or Channel vulnerability in Enterprise MFA - TFA for Drupal, allowing authentication bypass. Recommendations: For Enterprise MFA - TFA for Drupal versions 0.0.0 through 4.6.x, update to version 4.7.0 or later. For Enterprise MFA - TFA for Drupal versions 5.0.0 through 5.1.x, update to version 5.2.0 or later.

**Name of the Vulnerable Software and Affected Versions** Drupal Two-factor Authentication (TFA) versions 0.0.0 through 1.10.0 **Description** The issue is related to an Incorrect Authorization vulnerability in the Drupal Two-factor Authentication (TFA) module, allowing Forceful Browsing. **Recommendations** For versions 0.0.0 through 1.10.0, update to a version 1.10.0 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: Intel SGX (affected versions not specified) Description: The issue is a side-channel timing attack against Intel SGX enclaves, which can lead to the complete compromise of Trusted Execution Environment (TEE) attestation. A proof of concept (PoC) has demonstrated key extraction in less than 4 seconds. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Drupal Two-factor Authentication (TFA) versions 0.0.0 through 1.8.0 **Description** The issue is related to incorrect session management in the Two-factor Authentication (TFA) module of the Drupal CMS system. This can allow a remote attacker to hijack a user's session. The problem affects the Two-factor Authentication (TFA) module, allowing session fixation. **Recommendations** For versions 0.0.0 through 1.8.0, update to a version that contains a fix for this issue. As a temporary workaround, consider restricting access to the TFA module to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Two-factor Authentication (TFA) versions 0.0.0 through 1.5.0 **Description** The issue is related to a weak authentication vulnerability in the Two-factor Authentication (TFA) module for Drupal, which can be exploited to abuse authentication. This vulnerability is associated with weaknesses in the authentication procedure, allowing a remote attacker to bypass security restrictions. **Recommendations** For versions 0.0.0 through 1.5.0, update to a version that includes a fix for this issue to prevent authentication abuse. As a temporary workaround, consider restricting access to the Two-factor Authentication (TFA) module until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Drupal versions prior to the fixed version **Description** The Image module does not correctly check access to image files not stored in the standard public files directory when generating derivative images using the image styles system. Access to a non-public file is checked only if it is stored in the "private" file system. However, some contributed modules provide additional file systems, or schemes, which may lead to this issue. This is mitigated by the fact that it only applies when the site sets `$config['image.settings']['allow insecure derivatives']` or `$conf['image allow insecure derivatives']` to TRUE. The recommended and default setting is FALSE. **Recommendations** For Drupal 9, ensure that `$config['image.settings']['allow insecure derivatives']` is set to FALSE. For Drupal 7, ensure that `$conf['image allow insecure derivatives']` is set to FALSE. Review the release notes for your Drupal version if you have issues accessing files or image styles after updating. Consider reviewing and adjusting the configuration of contributed modules that provide additional file systems or schemes to minimize potential risks.