mfa/FIDO2.py in django-mfa2 prior to 2.5.1 and 2.6.x prior to 2.6.1 allows a replay attack that could be used to register another device for a user. The device registration challenge is not invalidated after usage.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
django-mfa2 project django-mfa2 |