CVE-2025-47706

描述

The module enables you to add second-factor authentication in addition to the default Drupal login. The module doesn't sufficiently check whether the TOTP token is already used or not for authenticator-based second-factor methods. This vulnerability is mitigated by the fact that an attacker must have a username, password and TOTP token generated within the last 5 minutes.

受影響套件(1)

• Packagist/drupal/miniorange_2fafrom 0, < 4.7.0 | >= 5.0.1, < 5.2.0

參考連結(1)

• WEBhttps://www.drupal.org/sa-contrib-2025-052