TOTVS Framework Multi-Factor Authentication Bypass Vulnerability

Vulnerability

A vulnerability in TOTVS Framework (Linha Protheus) version 12.1.2310 allows attackers to bypass multi-factor authentication (MFA) by sending a crafted WebSocket message. Successful exploitation can lead to unauthorized access or to actions that require MFA, potentially compromising the security of the application or its users.

Impact

Exploitation of this vulnerability allows for bypassing multi-factor authentication, leading to unauthorized access or actions that require MFA.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 5.0
exploitability: 7.4
remediation: 0.0
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.