Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv3

CVE-2022-42731

Published: 11/10/2022 Updated: 11/10/2022
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 0
Subscribe to Django-mfa2 Project

Vulnerability Summary

mfa/FIDO2.py in django-mfa2 prior to 2.5.1 and 2.6.x prior to 2.6.1 allows a replay attack that could be used to register another device for a user. The device registration challenge is not invalidated after usage.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

django-mfa2 project django-mfa2

References

CWE-294https://github.com/mkalioby/django-mfa2/releases/tag/v2.6.1-releasehttps://github.com/mkalioby/django-mfa2/releases/tag/v2.5.1-releasehttps://github.com/mkalioby/django-mfa2/blob/0936ea253354dd95cb127f09d0efa31324caef27/mfa/FIDO2.py#L58https://nvd.nist.gov
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypassCVE-2024-30051remoteCVE-2024-27954CVE-2023-51483CVE-2023-47782SSRFCVE-2024-24715CVE-2023-52424
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook