Security Advisory

CVE-2024-5657

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-06-06 10:29:40

Last updated 2025-09-03 07:13:32

Assigner sba-research

State PUBLISHED

Description

The CraftCMS plugin Two-Factor Authentication in versions 3.3.1, 3.3.2 and 3.3.3 discloses the password hash of the currently authenticated user after submitting a valid TOTP.

← Browse all CVEs View on cve.org ↗