CVE-2025-48010
EPSS 0.13%Published: 5/14/2025Modified: 12/10/2025
Also known as:DRUPAL-CONTRIB-2025-061
Description
This module enables you to allow users to include a second authentication method in addition to password authentication. The module doesn't sufficiently prevent one time login links from bypassing TFA. This vulnerability is mitigated by the fact that an attacker must have access to an email account attached to a user or a valid one time password link for a user.
Affected packages (1)
- Packagist/drupal/one_time_passwordfrom 0, < 1.3.0