cve/CVE-2024-5657.md at 8932a8488dd21e852071ba599ad31c417dc6b90a

admin/cve

Fork 0

mirror of https://github.com/0xMarcio/cve.git synced 2025-11-28 18:48:49 +00:00

0xMarcio 8932a8488d Update CVE sources 2024-06-08 09:32

2024-06-08 09:32:58 +00:00

855 B

Raw Blame History

CVE-2024-5657

Description

The CraftCMS plugin Two-Factor Authentication in versions 3.3.1, 3.3.2 and 3.3.3 discloses the password hash of the currently authenticated user after submitting a valid TOTP.

POC

Reference

https://github.com/sbaresearch/advisories/tree/public/2024/SBA-ADV-20240202-01_CraftCMS_Plugin_Two-Factor_Authentication_Password_Hash_Disclosure

Github

No PoCs found on GitHub currently.

855 B Raw Blame History

CVE-2024-5657

Description

POC

Reference

Github

855 B

Raw Blame History