Drupal Two-Factor Authentication vulnerabilities
4 known vulnerabilities affecting drupal/two-factor_authentication.
Total CVEs
4
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL2HIGH1MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2024-13239P2CRITICALCVSS 9.8≥ 0.0.0, < 1.5.02025-01-09
CVE-2024-13239 [CRITICAL] CWE-1390 CVE-2024-13239: Weak Authentication vulnerability in Drupal Two-factor Authentication (TFA) allows Authentication Ab
Weak Authentication vulnerability in Drupal Two-factor Authentication (TFA) allows Authentication Abuse.This issue affects Two-factor Authentication (TFA): from 0.0.0 before 1.5.0.
nvd
CVE-2024-13279P3CRITICALCVSS 9.8≥ 0.0.0, < 1.8.02025-01-09
CVE-2024-13279 [CRITICAL] CWE-384 CVE-2024-13279: Session Fixation vulnerability in Drupal Two-factor Authentication (TFA) allows Session Fixation.Thi
Session Fixation vulnerability in Drupal Two-factor Authentication (TFA) allows Session Fixation.This issue affects Two-factor Authentication (TFA): from 0.0.0 before 1.8.0.
nvd
CVE-2025-31694P3HIGHCVSS 8.1≥ 0.0.0, < 1.10.02025-03-31
CVE-2025-31694 [HIGH] CWE-288 CVE-2025-31694: Incorrect Authorization vulnerability in Drupal Two-factor Authentication (TFA) allows Forceful Brow
Incorrect Authorization vulnerability in Drupal Two-factor Authentication (TFA) allows Forceful Browsing.This issue affects Two-factor Authentication (TFA): from 0.0.0 before 1.10.0.
nvd
CVE-2025-7030P3MEDIUMCVSS 6.5≥ 0.0.0, < 1.11.02025-07-08
CVE-2025-7030 [MEDIUM] CWE-267 CVE-2025-7030: Privilege Defined With Unsafe Actions vulnerability in Drupal Two-factor Authentication (TFA) allows
Privilege Defined With Unsafe Actions vulnerability in Drupal Two-factor Authentication (TFA) allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Two-factor Authentication (TFA): from 0.0.0 before 1.11.0.
nvd