CVE-2025-48012
EPSS: 0.13%
Published: 5/14/2025
Modified: 12/10/2025
Also known as: DRUPAL-CONTRIB-2025-063
Description
This module enables you to allow users to include a second authentication method in addition to password authentication. The module doesn't sufficiently prevent the same TFA token from being accepted more than once within a 30 second window. This vulnerability is mitigated by the fact that an attacker must obtain a valid username/password and second factor.
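The usual defence against this class of bug is to record the last accepted time step per user and refuse any code at or before it; RFC 6238 requires that a verifier not accept a second attempt of the same OTP. The sketch below is an added example, not code from the module: `TotpVerifier`, its in-memory `last_used` store and the 6-digit HMAC-SHA1 parameters are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

STEP = 30    # TOTP time step in seconds (the "30 second window")
DIGITS = 6   # assumed code length


def totp(secret: bytes, counter: int) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for a single time-step counter."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


class TotpVerifier:
    """Hypothetical verifier that accepts each time step at most once per user."""

    def __init__(self, drift_steps: int = 1):
        self.drift_steps = drift_steps
        # user id -> highest counter already accepted.
        # Assumption: a real deployment persists this next to the TOTP seed.
        self.last_used = {}

    def verify(self, user: str, secret: bytes, code: str, now: float) -> bool:
        current = int(now) // STEP
        # Replay protection: only counters strictly newer than the last
        # accepted one are candidates, so a code that already succeeded
        # cannot succeed again, even inside the same 30 second step.
        first = max(current - self.drift_steps, self.last_used.get(user, -1) + 1)
        for counter in range(first, current + self.drift_steps + 1):
            expected = totp(secret, counter).encode()
            if hmac.compare_digest(expected, code.encode()):
                self.last_used[user] = counter  # burn this step and older ones
                return True
        return False
```

The update of `last_used` must be atomic with the comparison in a multi-process deployment, otherwise two concurrent requests carrying the same code can both pass.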
Affected packages (1)
- Packagist/drupal/one_time_password: from 0, < 1.3.0