The WP 2FA WordPress plugin before 2.3.0 uses comparison operators that don't mitigate time-based attacks, which could be abused to leak information about the authentication codes being compared.
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/301b3dce-2584-46ec-92ed-1c0626522120 | Exploit Third Party Advisory |
https://wpscan.com/vulnerability/301b3dce-2584-46ec-92ed-1c0626522120 | Exploit Third Party Advisory |
Configurations
History
21 Nov 2024, 07:01
Type | Values Removed | Values Added |
---|---|---|
References | () https://wpscan.com/vulnerability/301b3dce-2584-46ec-92ed-1c0626522120 - Exploit, Third Party Advisory |
21 Jul 2023, 16:44
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-203 |
11 Oct 2022, 17:19
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-10-10 21:15
Updated : 2024-11-21 07:01
NVD link : CVE-2022-2891
Mitre link : CVE-2022-2891
CVE.ORG link : CVE-2022-2891
JSON object : View
Products Affected
wpwhitesecurity
- wp_2fa
CWE
CWE-203
Observable Discrepancy