scheb/two-factor-bundle bypass two-factor authentication with unverified JWT trusted device token

Main / scheb/two-factor-bundle bypass two-factor authentication with unverified JWT trusted device token

Discription

Before version 3.7 the bundle is vulnerable to a security issue in JWT, which can be exploited by an attacker to generate trusted device cookies on their own, effectively by-passing two-factor…Read More

References

Back to Main

Subscribe for the latest news: