Skip to main content

CWE-499

Serializable Class Containing Sensitive Data

1 CVEs Avg CVSS 8.1 MITRE
0
CRITICAL
1
HIGH
0
MEDIUM
0
LOW
1
POC
0
KEV

Monthly

CVE-2024-5657 PHP HIGH POC PATCH This Week

The CraftCMS plugin Two-Factor Authentication in versions 3.3.1, 3.3.2 and 3.3.3 discloses the password hash of the currently authenticated user after submitting a valid TOTP. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Two Factor Authentication
NVD GitHub
CVSS 3.1
8.1
EPSS
0.8%
EPSS 1% CVSS 8.1
HIGH POC PATCH This Week

The CraftCMS plugin Two-Factor Authentication in versions 3.3.1, 3.3.2 and 3.3.3 discloses the password hash of the currently authenticated user after submitting a valid TOTP. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Two Factor Authentication
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy