CVE-2022-2891

The WP 2FA WordPress plugin before 2.3.0 uses comparison operators that don't mitigate time-based attacks, which could be abused to leak information about the authentication codes being compared.
Configurations

Configuration 1 (hide)

cpe:2.3:a:wpwhitesecurity:wp_2fa:*:*:*:*:*:wordpress:*:*

History

21 Nov 2024, 07:01

Type Values Removed Values Added
References () https://wpscan.com/vulnerability/301b3dce-2584-46ec-92ed-1c0626522120 - Exploit, Third Party Advisory () https://wpscan.com/vulnerability/301b3dce-2584-46ec-92ed-1c0626522120 - Exploit, Third Party Advisory

21 Jul 2023, 16:44

Type Values Removed Values Added
CWE CWE-200 CWE-203

11 Oct 2022, 17:19

Type Values Removed Values Added
New CVE

Information

Published : 2022-10-10 21:15

Updated : 2024-11-21 07:01


NVD link : CVE-2022-2891

Mitre link : CVE-2022-2891

CVE.ORG link : CVE-2022-2891


JSON object : View

Products Affected

wpwhitesecurity

  • wp_2fa
CWE
CWE-203

Observable Discrepancy