Craft CMS Patches Token Reuse Vulnerability
CVE-2024-41800

7.5HIGH

Key Information:

Vendor

Craft

Status
Vendor
CVE Published:
25 July 2024

What is CVE-2024-41800?

Craft CMS version 5 contains a vulnerability that allows the reuse of Time-based One-Time Password (TOTP) tokens within their validity period. An attacker who possesses the victim's credentials can exploit this issue by resubmitting a valid TOTP token to initiate an authenticated session. This risk necessitates prompt action as it puts user accounts at risk. The vulnerability has been resolved in Craft version 5.2.3, which addresses the issues related to TOTP token handling.

References

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

.