CVE-2024-13279

CVE-2024-13279: Two-factor Authentication (TFA) - Critical - Access bypass - SA-CONTRIB-2024-043

Vendor Drupal
Product Two-factor Authentication (TFA)
Weakness CWE-384 · Session fixation
Published January 9, 2025
Last update January 10, 2025

CVSS base score

What the vulnerability does

01Description

Session Fixation vulnerability in Drupal Two-factor Authentication (TFA) allows Session Fixation.This issue affects Two-factor Authentication (TFA): from 0.0.0 before 1.8.0.

Key dates

02Disclosure timeline

January 9, 2025 CVE published
January 10, 2025 Record updated