Two Factor Authentication
Monthly
CVE-2025-7030 is a security vulnerability (CVSS 6.5). Remediation should follow standard vulnerability management procedures.
Incorrect Authorization vulnerability in Drupal Two-factor Authentication (TFA) allows Forceful Browsing.0.0 before 1.10.0. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Session Fixation vulnerability in Drupal Two-factor Authentication (TFA) allows Session Fixation.0.0 before 1.8.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Weak Authentication vulnerability in Drupal Two-factor Authentication (TFA) allows Authentication Abuse.0.0 before 1.5.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
CVE-2025-7030 is a security vulnerability (CVSS 6.5). Remediation should follow standard vulnerability management procedures.
Incorrect Authorization vulnerability in Drupal Two-factor Authentication (TFA) allows Forceful Browsing.0.0 before 1.10.0. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Session Fixation vulnerability in Drupal Two-factor Authentication (TFA) allows Session Fixation.0.0 before 1.8.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Weak Authentication vulnerability in Drupal Two-factor Authentication (TFA) allows Authentication Abuse.0.0 before 1.5.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.