PT-2024-35383 · Elabftw · Elabftw
Anargam · Published 2024-12-09 · Updated 2025-08-15
CVE-2024-52586
CVSS v3.1: 7.8 (High), vector AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
eLabFTW versions 4.6.0 through 5.1.0
Description
A vulnerability has been found in eLabFTW that allows an attacker to bypass the built-in multifactor authentication (MFA) mechanism. It can be exploited by an attacker who authenticates against eLabFTW's local login (a local account with a valid username and password, as opposed to single sign-on), allowing them to complete a login regardless of the MFA requirement configured for the account. MFA enforced by a single sign-on (SSO) provider is not affected.
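The advisory classifies the flaw as an authentication bypass using an alternate path or channel but does not publish the specific code path, so the example below is a generic illustration added here and is not eLabFTW code or a reproduction of the actual bug. It shows the common shape of this weakness class in a two-step local login: a password step that establishes a fully usable session while the second factor is checked in a separate step that protected pages never verify, so a client that simply skips the MFA request is logged in. Beside it is the hardened form, where no user identity is bound to the session until the second factor succeeds. The user record, salt, and TOTP secret (the RFC 6238 test-vector secret) are constructed sample data.

```python
"""Generic CWE-288 illustration: MFA as a skippable second step vs. a gated
login state machine. Added example, not eLabFTW's code; all data is constructed."""
import hashlib
import hmac
import struct

_SALT = b"fixed-demo-salt"  # fixed so the sample store is reproducible


def _pw_hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


# Constructed sample user store: one local account with TOTP enabled.
USERS = {
    "alice": {
        "pw": _pw_hash("correct horse", _SALT),
        "mfa_secret": b"12345678901234567890",  # RFC 6238 test-vector secret
    },
}


def check_password(user: str, password: str) -> bool:
    rec = USERS.get(user)
    if rec is None:
        return False
    return hmac.compare_digest(rec["pw"], _pw_hash(password, _SALT))


def totp(secret: bytes, now: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for the time step containing `now`."""
    msg = struct.pack(">Q", now // step)
    digest = hmac.new(secret, msg, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % 10 ** digits:0{digits}d}"


def check_totp(user: str, code: str, now: int) -> bool:
    secret = USERS[user]["mfa_secret"]
    # Accept one step of clock drift either side, constant-time compare.
    return any(hmac.compare_digest(totp(secret, now + d * 30), code)
               for d in (-1, 0, 1))


class VulnerableLogin:
    """Password step binds the user to the session; MFA only flips a flag
    that protected pages never consult. Skipping verify_mfa is the alternate path."""

    def login(self, session: dict, user: str, password: str) -> bool:
        if not check_password(user, password):
            return False
        session["user"] = user
        session["mfa_pending"] = True
        return True

    def verify_mfa(self, session: dict, code: str, now: int) -> bool:
        if check_totp(session["user"], code, now):
            session["mfa_pending"] = False
            return True
        return False

    def is_authenticated(self, session: dict) -> bool:
        return "user" in session  # BUG: ignores mfa_pending


class HardenedLogin:
    """No user identity in the session until the second factor succeeds;
    authorization checks the explicit 'authenticated' stage."""

    def login(self, session: dict, user: str, password: str) -> bool:
        session.clear()
        if not check_password(user, password):
            return False
        session["stage"] = "mfa_pending"
        session["pending_user"] = user  # not yet an authenticated principal
        return True

    def verify_mfa(self, session: dict, code: str, now: int) -> bool:
        user = session.get("pending_user")
        if session.get("stage") != "mfa_pending" or user is None:
            return False
        if not check_totp(user, code, now):
            session.clear()  # failed second factor restarts the login
            return False
        session.clear()  # fresh session state for the authenticated principal
        session["stage"] = "authenticated"
        session["user"] = user
        return True

    def is_authenticated(self, session: dict) -> bool:
        return session.get("stage") == "authenticated" and "user" in session


def demo(now: int = 59) -> tuple:
    """Return (vulnerable_bypassed, hardened_bypassed, hardened_after_mfa)."""
    code = totp(USERS["alice"]["mfa_secret"], now)
    v, s1 = VulnerableLogin(), {}
    v.login(s1, "alice", "correct horse")
    vulnerable_bypassed = v.is_authenticated(s1)  # True: MFA never ran
    h, s2 = HardenedLogin(), {}
    h.login(s2, "alice", "correct horse")
    hardened_bypassed = h.is_authenticated(s2)  # False: still mfa_pending
    h.verify_mfa(s2, code, now)
    return vulnerable_bypassed, hardened_bypassed, h.is_authenticated(s2)


if __name__ == "__main__":
    print(demo())  # (True, False, True)
```

The check to carry over to a real review is the last method of each class: if the authorization predicate can be satisfied by any state reachable without the second factor, the MFA step is advisory rather than enforced.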
Recommendations
For versions 4.6.0 through 5.1.0, upgrade to version 5.1.9 or later, which contains the fix.
Weakness
Authentication Bypass Using an Alternate Path or Channel (CWE-288)
Affected Products
Elabftw