CVE-2025-48012
EPSS 0.13%發布日:2025/5/14修改日:2025/12/10
也稱為:DRUPAL-CONTRIB-2025-063
描述
This module enables you to allow users to include a second authentication method in addition to password authentication. The module doesn't sufficiently prevent the same TFA token within a 30 second window. This vulnerability is mitigated by the fact that an attacker must obtain a valid username/password and second factor.
受影響套件(1)
- Packagist/drupal/one_time_passwordfrom 0, < 1.3.0