Known Vulnerabilities
CVE-2024-13279
Session Fixation vulnerability in Drupal Two-factor Authentication (TFA) allows Session Fixation.This issue affects Two-factor Authentication (TFA): from 0.0.0 before 1.8.0.
CRITICAL
CVSS 9.8
Published Jan 09, 2025
CVE-2024-13239
Weak Authentication vulnerability in Drupal Two-factor Authentication (TFA) allows Authentication Abuse.This issue affects Two-factor Authentication (TFA): from 0.0.0 before 1.5.0.
CRITICAL
CVSS 9.8
Published Jan 09, 2025