Two-Factor Authentication Bypass in phpMyAdmin by phpMyAdmin
CVE-2022-23807

4.3MEDIUM

Key Information:

Vendor: PHPmyadmin
Status: PHPmyadmin
Vendor: CVE Published:; 22 January 2022

What is CVE-2022-23807?

A security issue has been identified in phpMyAdmin affecting versions prior to 4.9.8 and 5.1.2. This vulnerability permits a valid authenticated user to manipulate their account settings, allowing them to bypass the two-factor authentication mechanism in future login attempts. Such a security flaw can expose sensitive user data and compromise overall system integrity if exploited. Users are advised to update to the latest versions to mitigate potential risks.

References

https://www.phpmyadmin.net/security/PMASA-2022-1/

https://security.gentoo.org/glsa/202311-17

vendor-advisory

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 22, 2022
Vulnerability Reserved
Jan 21, 2022

PHPmyadmin

What is CVE-2022-23807?

References

CVSS V3.1

Timeline