CVE-2025-48010

描述

This module enables you to allow users to include a second authentication method in addition to password authentication. The module doesn't sufficiently prevent one time login links from bypassing TFA. This vulnerability is mitigated by the fact that an attacker must have access to an email account attached to a user or a valid one time password link for a user.

受影響套件(1)

• Packagist/drupal/one_time_passwordfrom 0, < 1.3.0

參考連結(1)

• WEBhttps://www.drupal.org/sa-contrib-2025-061