Craft CMS Patches Token Reuse Vulnerability
CVE-2024-41800
7.5HIGH
What is CVE-2024-41800?
Craft CMS version 5 contains a vulnerability that allows the reuse of Time-based One-Time Password (TOTP) tokens within their validity period. An attacker who possesses the victim's credentials can exploit this issue by resubmitting a valid TOTP token to initiate an authenticated session. This risk necessitates prompt action as it puts user accounts at risk. The vulnerability has been resolved in Craft version 5.2.3, which addresses the issues related to TOTP token handling.
