CVE-2025-31676
31.03.2025, 22:15
Weak Authentication vulnerability in Drupal Email TFA allows Brute Force.This issue affects Email TFA: from 0.0.0 before 2.0.3.Enginsight
| Vendor | Product | Version |
|---|---|---|
| email_tfa_project | email_tfa | 𝑥 < 2.0.3 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-1390 - Weak AuthenticationThe product uses an authentication mechanism to restrict access to specific users or identities, but the mechanism does not sufficiently prove that the claimed identity is correct.
- CWE-307 - Improper Restriction of Excessive Authentication AttemptsThe product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks.