Headline

GHSA-vw39-2wj9-4q86: django-mfa2 vulnerable to MFA Replay attack

mfa/FIDO2.py in django-mfa2 before 2.5.1 and 2.6.x before 2.6.1 allows a replay attack that could be used to register another device for a user. The device registration challenge is not invalidated after usage.

2 years ago

ghsa

Open in Source

#git

GitHub Advisory Database
GitHub Reviewed
CVE-2022-42731

django-mfa2 vulnerable to MFA Replay attack

High severity GitHub Reviewed Published Oct 11, 2022 • Updated Oct 11, 2022

Package

pip django-mfa2 (pip)

Affected versions

< 2.5.1

>= 2.6.0, < 2.6.1

Patched versions

2.5.1

2.6.1

Description

2 years ago

CVE

Open in Source

#vulnerability #git

ghsa: Latest News

GHSA-7p9f-6x8j-gxxp: CRI-O: Maliciously structured checkpoint file can gain arbitrary node access

7 hours ago

ghsa

GHSA-hh33-46q4-hwm2: Re-creating a deleted user in lakeFS will re-enable previous user credentials that existed prior to its deletion

8 hours ago

ghsa

GHSA-rmv2-8jjc-23xw: TCPDF Local File Inclusion vulnerability

10 hours ago

ghsa

GHSA-w5rq-g9r6-vrcg: @dapperduckling/keycloak-connector-server has Reflected XSS Vulnerability in Authentication Flow URL Handling

12 hours ago

ghsa

GHSA-q4xm-6fjc-5f6w: sigstore-java has vulnerability with bundle verification

12 hours ago

ghsa

Headline

GHSA-vw39-2wj9-4q86: django-mfa2 vulnerable to MFA Replay attack

Related news

ghsa: Latest News