Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Enterprise MFA - TFA for Drupal allows Authentication Bypass.This issue affects Enterprise MFA - TFA for Drupal: from 0.0.0 before 4.7.0, from 5.0.0 before 5.2.0.
References
Link | Resource |
---|---|
https://www.drupal.org/sa-contrib-2025-053 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
10 Jun 2025, 15:25
Type | Values Removed | Values Added |
---|---|---|
First Time |
Miniorange
Miniorange miniorange 2fa |
|
References | () https://www.drupal.org/sa-contrib-2025-053 - Vendor Advisory | |
CPE | cpe:2.3:a:miniorange:miniorange_2fa:*:*:*:*:*:drupal:*:* |
15 May 2025, 15:16
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
Summary |
|
14 May 2025, 17:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2025-05-14 17:15
Updated : 2025-06-10 15:25
NVD link : CVE-2025-47707
Mitre link : CVE-2025-47707
CVE.ORG link : CVE-2025-47707
JSON object : View
Products Affected
miniorange
- miniorange_2fa
CWE
CWE-288
Authentication Bypass Using an Alternate Path or Channel