PT-2024-40226 · Unknown · Scheb/Two-Factor-Bundle

Published: 2024-05-21 · Updated: 2024-05-21

CVSS v3.1: 7.4 (High)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions: scheb/two-factor-bundle versions prior to 3.26.0; scheb/two-factor-bundle versions prior to 4.11.0
Description: A security issue allowed attackers to bypass two-factor authentication (2FA) by way of the remember-me cookie. When the remember-me checkbox was used during login, a "REMEMBERME" cookie was created. Upon redirection to the 2FA page, an attacker could manipulate the SESSIONID key and reach the homepage "/" as an authenticated user without completing 2FA.
Recommendations: For versions prior to 3.26.0, update to version 3.26.0 or later; for versions prior to 4.11.0, update to version 4.11.0 or later. As a temporary workaround, consider disabling the remember-me feature until a patch is available. Restrict access to the SESSIONID key to minimize the risk of exploitation.

Fix

Weakness Enumeration: Improper Authentication

Related Identifiers: GHSA-9PHW-7H96-Q3RV

Affected Products: Scheb/Two-Factor-Bundle