Iwona Just

1 exploit Active since Jul 2024
CVE-2024-41800 WRITEUP MEDIUM WRITEUP
Craft CMS 5.0.1-5.2.2 - Authenticated TOTP Token Reuse
Craft is a content management system (CMS). Craft CMS 5 allows reuse of TOTP tokens multiple times within the validity period. An attacker is able to re-submit a valid TOTP token to establish an authenticated session. This requires that the attacker has knowledge of the victim's credentials. This has been patched in Craft 5.2.3.
CVSS 4.8