In Joomla! prior to 3.8.2, a bug allowed third parties to bypass a user's 2-factor authentication method.
joomla joomla\\!