PT-2024-36886 · Craft Cms · Two-Factor Authentication

Fabian Funder

Published

2024-06-06

Updated

2025-09-03

CVE-2024-5658

CVSS v3.1

4.8

Medium

Vector

AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions CraftCMS plugin Two-Factor Authentication versions 3.3.3 and earlier

Description The issue allows reuse of TOTP tokens multiple times within the validity period.

Recommendations For versions 3.3.3 and earlier, update to a version that contains a fix for this issue. As a temporary workaround, consider restricting the use of TOTP tokens to minimize the risk of exploitation.

Exploit

Fix

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287CWE-303

Related Identifiers

CVE-2024-5658

GHSA-96QM-HWHP-2RM8

Affected Products

Two-Factor Authentication

PT-2024-36886 · Craft Cms · Two-Factor Authentication

CVE-2024-5658

Weakness Enumeration

Related Identifiers

Affected Products

References · 15