A security vulnerability has been discovered in the 2FA implementation of the Rocket.Chat platform: other active sessions are not invalidated when 2FA is activated. An attacker could therefore maintain access to a compromised account even after 2FA is enabled.
References
Link | Resource |
---|---|
https://hackerone.com/reports/992280 | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: hackerone
Published: 2023-05-09T00:00:00
Updated: 2023-05-09T00:00:00
Reserved: 2023-03-14T00:00:00
Link: CVE-2023-28316
NVD Information
Status: Analyzed
Published: 2023-05-09T22:15:09.980
Modified: 2023-05-17T14:55:34.737
Link: CVE-2023-28316
Red Hat Information
No data.
CWE