CVE-2022-28601

A Two-Factor Authentication (2FA) bypass vulnerability in "Simple 2FA Plugin for Moodle" by LMS Doctor allows remote attackers to overwrite the phone number used for confirmation via the profile.php file. Therefore, allowing them to bypass the phone verification mechanism.
Configurations

Configuration 1 (hide)

cpe:2.3:a:lmsdoctor:2_factor_authentication:-:*:*:*:*:moodle:*:*

History

21 Nov 2024, 06:57

Type Values Removed Values Added
References () https://github.com/FlaviuPopescu/CVE-2022-28601 - Exploit, Third Party Advisory () https://github.com/FlaviuPopescu/CVE-2022-28601 - Exploit, Third Party Advisory
References () https://www.lmsdoctor.com/simple-2-factor-authentication-plugin-for-moodle - Product () https://www.lmsdoctor.com/simple-2-factor-authentication-plugin-for-moodle - Product

Information

Published : 2022-05-10 21:15

Updated : 2024-11-21 06:57


NVD link : CVE-2022-28601

Mitre link : CVE-2022-28601

CVE.ORG link : CVE-2022-28601


JSON object : View

Products Affected

lmsdoctor

  • 2_factor_authentication
CWE
CWE-863

Incorrect Authorization