PT-2025-21194 · Drupal · Enterprise Mfa - Tfa For Drupal
Conrad Lara +3 · Published 2025-05-14 · Updated 2025-06-10 · CVE-2025-47706
CVSS v3.1: 4.8 (Medium)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions:
Enterprise MFA - TFA for Drupal versions 0.0.0 through 4.6.x
Enterprise MFA - TFA for Drupal versions 5.0.0 through 5.1.x
Description:
Enterprise MFA - TFA for Drupal is affected by an Authentication Bypass by Capture-replay vulnerability. This allows remote services to be accessed with stolen credentials.
Recommendations:
For Enterprise MFA - TFA for Drupal versions 0.0.0 through 4.6.x, update to version 4.7.0 or later.
For Enterprise MFA - TFA for Drupal versions 5.0.0 through 5.1.x, update to version 5.2.0 or later.
Affected Products
Enterprise Mfa - Tfa For Drupal