CVE Details
Basic Information
| Title | Enterprise MFA – TFA for Drupal – Critical – Access bypass – SA-CONTRIB-2025-082 |
|---|---|
| Type | cve |
| Published | 2025-06-26T13:33:35.019Z |
| Last Seen |
Product Information
| Vendor | Drupal |
|---|---|
| Product | Enterprise MFA – TFA for Drupal |
| Version | 0.0.0 |
CVSS Information
| Base Score | 0.0 () |
|---|---|
| Attack Vector | |
| Confidentiality Impact | |
| Integrity Impact | |
| Availability Impact |
AI Analysis
| AI Description | A vulnerability in the Drupal Enterprise MFA – TFA plugin allows attackers to bypass authentication. This issue affects multiple versions of the plugin. |
|---|---|
| AI Severity | Critical |
| Vendor | Drupal Community |
| Product | Enterprise MFA – TFA for Drupal |
| Affected Version | 0.0.0, 5.2.0, 5.0.*, 5.1.* |
Affected Products
- Drupal Enterprise MFA – TFA for Drupal 0.0.0
- Drupal Enterprise MFA – TFA for Drupal 5.2.0
- Drupal Enterprise MFA – TFA for Drupal 0.0.0
- Drupal Enterprise MFA – TFA for Drupal 0.0.0
Additional Information
| CVE List | |
|---|---|
| CWE List | CWE-288 |
| Bulletin Family |
References
Description
Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Enterprise MFA – TFA for Drupal allows Authentication Bypass.This issue affects Enterprise MFA – TFA for Drupal: from 0.0.0 before 4.8.0, from 5.2.0 before 5.2.1, from 0.0.0 before 5.0.*, from 0.0.0 before 5.1.*.