Drupal · Drupal · CVE-2024-13279
**Name of the Vulnerable Software and Affected Versions**
Drupal Two-factor Authentication (TFA) versions 0.0.0 through 1.8.0
**Description**
The issue is related to incorrect session management in the Two-factor Authentication (TFA) module of the Drupal CMS system. This can allow a remote attacker to hijack a user's session. The problem affects the Two-factor Authentication (TFA) module, allowing session fixation.
**Recommendations**
For versions 0.0.0 through 1.8.0, update to a version that contains a fix for this issue.
As a temporary workaround, consider restricting access to the TFA module to minimize the risk of exploitation.