CVE-2022-28601
N/A
N/A
Summary
A Two-Factor Authentication (2FA) bypass vulnerability in "Simple 2FA Plugin for Moodle" by LMS Doctor allows remote attackers to overwrite the phone number used for confirmation via the profile.php file. Therefore, allowing them to bypass the phone verification mechanism.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://www.lmsdoctor.com/simple-2-factor-authentication-plugin-for-moodle
- https://github.com/FlaviuPopescu/CVE-2022-28601
References
- https://www.lmsdoctor.com/simple-2-factor-authentication-plugin-for-moodle
- https://github.com/FlaviuPopescu/CVE-2022-28601
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.