CVE-2025-47706
EPSS 0.13%Published: 5/7/2025Modified: 12/10/2025
Also known as:DRUPAL-CONTRIB-2025-052
Description
The module enables you to add second-factor authentication in addition to the default Drupal login. The module doesn't sufficiently check whether the TOTP token is already used or not for authenticator-based second-factor methods. This vulnerability is mitigated by the fact that an attacker must have a username, password and TOTP token generated within the last 5 minutes.
Affected packages (1)
- Packagist/drupal/miniorange_2fafrom 0, < 4.7.0 | >= 5.0.1, < 5.2.0