PT-2024-10091 · Drupal · Two-Factor Authentication

Benji Fisher +7 · Published 2024-01-24 · Updated 2025-01-10 · CVE-2024-13239

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Two-factor Authentication (TFA) versions 0.0.0 through 1.5.0

Description

A weak authentication vulnerability in the Two-factor Authentication (TFA) module for Drupal can be exploited to abuse authentication. It stems from weaknesses in the authentication procedure and allows a remote attacker to bypass security restrictions.

Recommendations

For versions 0.0.0 through 1.5.0, update to a version that includes a fix for this issue to prevent authentication abuse. As a temporary workaround, consider restricting access to the Two-factor Authentication (TFA) module until a patch is available.

Related Identifiers

BDU:2025-00265
CVE-2024-13239
DRUPAL-CONTRIB-2024-003

Affected Products

Two-Factor Authentication