Two-Factor Authentication Vulnerability in Frappe Framework
CVE-2020-27508

7.5HIGH

Key Information:

Vendor

Frappe

Status
Frappe
Vendor
CVE Published:
11 December 2020

What is CVE-2020-27508?

In the Frappe Framework, a vulnerability exists in the two-factor authentication mechanism where the system erroneously sends the 2FA secret key in its response. This flaw can allow an attacker to gain unauthorized access by intercepting the secret key, thereby compromising the essential two-factor authentication security that is supposed to protect user accounts. Proper implementation should ensure that such sensitive information is not exposed during the authentication process.

References

https://github.com/frappe/frappe/pull/11263
x_refsource_MISC
https://github.com/frappe/frappe/pull/11262
x_refsource_MISC

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.