The WP 2FA WordPress plugin before 2.3.0 uses comparison operators that don't mitigate time-based attacks, which could be abused to leak information about the authentication codes being compared.
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/301b3dce-2584-46ec-92ed-1c0626522120 | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: WPScan
Published: 2022-10-10T00:00:00
Updated: 2023-07-24T09:59:20.811Z
Reserved: 2022-08-18T00:00:00
Link: CVE-2022-2891
JSON object: View
NVD Information
Status : Modified
Published: 2022-10-10T21:15:10.877
Modified: 2023-11-07T03:47:03.263
Link: CVE-2022-2891
JSON object: View
Redhat Information
No data.
CWE