Craft CMS · CVE-2024-41800
**Name of the Vulnerable Software and Affected Versions**
Craft CMS 5 versions prior to 5.2.3 (fixed in 5.2.3)
**Description**
Craft CMS 5 accepts the same TOTP code more than once within its validity period. RFC 6238 (section 5.2) requires that a verifier never accept a one-time code a second time after it has been validated, so a compliant implementation records the last accepted time step per user and rejects anything at or below it; the affected versions do not. An attacker who already holds the victim's username and password, and who observes or intercepts a TOTP code the victim has just used, can re-submit that code to establish a fresh authenticated session, bypassing the second factor. According to the advisory the validity period of a code is 2 minutes, which is several 30-second time steps; because every code in that window stays valid until it expires, an attacker guessing codes has several targets per attempt rather than one, which makes a brute-force attack on the second factor more likely to succeed.
**Recommendations**
Update Craft CMS 5 installations to version 5.2.3 or later; this is the only real fix. Until you can upgrade, reduce exposure rather than relying on users: the replay is performed by the attacker, so a user "not reusing" a code does nothing. Restrict access to the control panel and other sensitive areas to trusted networks, and review authentication logs for the replay pattern, namely more than one successful login for the same account within a two-minute window or logins from two different sources using the same second-factor step. Treat any account showing that pattern as having had its password exposed and rotate it.