PT-2022-26522 · Unknown · Django-Mfa2
Published
2022-10-11
·
Updated
2022-10-11
·
CVE-2022-42731
CVSS v4.0
8.7
High
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions
django-mfa2 versions 2.5.0 through 2.5.1
django-mfa2 versions 2.6.0 through 2.6.0
Description
The issue allows a replay attack that could be used to register another device for a user. The device registration challenge is not invalidated after usage.
Recommendations
For django-mfa2 versions 2.5.0 through 2.5.1, update to version 2.5.1 or later.
For django-mfa2 versions 2.6.0 through 2.6.0, update to version 2.6.1 or later.
Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Django-Mfa2