CVE-2022-28601

A Two-Factor Authentication (2FA) bypass vulnerability in "Simple 2FA Plugin for Moodle" by LMS Doctor allows remote attackers to overwrite the phone number used for confirmation via the profile.php file. Therefore, allowing them to bypass the phone verification mechanism.
Configurations

Configuration 1 (hide)

cpe:2.3:a:lmsdoctor:2_factor_authentication:-:*:*:*:*:moodle:*:*

History

No history.

Information

Published : 2022-05-10 21:15

Updated : 2024-02-28 19:09


NVD link : CVE-2022-28601

Mitre link : CVE-2022-28601

CVE.ORG link : CVE-2022-28601


JSON object : View

Products Affected

lmsdoctor

  • 2_factor_authentication
CWE
CWE-863

Incorrect Authorization