ThreatPress

WordPress Vulnerabilities Database

Back

WordPress Google Authenticator Plugin <= 0.47 - Authentication Bypass

Product
Google Authenticator
Description
This plugin is prone to a two factor authentication Bypass vulnerability. Attackers with a valid password can bypass the two-factor OTP by using an email address.
Solution
Upgrade this plugin.
Classification
Type BYPASS
OWASP Top 10 A2: Broken Authentication and Session Management
References
WordPress
CVE
Name CVE-N/A
Versions
Affected In <= 0.47
Fixed In 0.48
Disclosure date
2016-04-28
Credits
Anonymous