A Two-Factor Authentication (2FA) bypass vulnerability in "Simple 2FA Plugin for Moodle" by LMS Doctor allows remote attackers to overwrite the phone number used for confirmation via the profile.php file, thereby allowing them to bypass the phone verification mechanism.
References
| Link | Resource |
|---|---|
| https://github.com/FlaviuPopescu/CVE-2022-28601 | Exploit, Third Party Advisory |
| https://www.lmsdoctor.com/simple-2-factor-authentication-plugin-for-moodle | Product |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2022-05-10T20:42:50
Updated: 2022-05-10T20:42:50
Reserved: 2022-04-04T00:00:00
Link: CVE-2022-28601
NVD Information
Status: Analyzed
Published: 2022-05-10T21:15:11.077
Modified: 2022-05-23T16:29:07.000
Link: CVE-2022-28601
Redhat Information
No data.
CWE