Drupal Email TFA Authentication Bypass Vulnerability

Vulnerability

An authentication bypass vulnerability has been identified in the Drupal Email TFA module, versions prior to 2.0.6. This vulnerability allows users to bypass the two-factor authentication mechanism provided by the module for email-based logins. The issue arises because the module does not fully secure all login pathways as intended. Exploitation of this vulnerability requires valid user credentials, including a username and password.

Impact

Exploiting this vulnerability lets an attacker bypass the two-factor authentication requirement and gain unauthorized access, potentially leading to unauthorized user actions or access rights.

Remediation

Users of the Drupal Email TFA module should upgrade to version 2.0.6.
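
To confirm whether a site still ships an affected release, the following added example (not part of the original advisory or the module's code) reads a Composer lock file and compares the installed module version with the fixed release 2.0.6. The Composer package name drupal/email_tfa, the function names, and the sample lock data are assumptions constructed for illustration.

```python
import json
import re

PACKAGE = "drupal/email_tfa"  # assumed Composer name of the Email TFA module
FIXED = (2, 0, 6)             # fixed release named in the advisory


def parse_version(raw):
    """Return (major, minor, patch, is_prerelease), or None for dev branches."""
    v = raw.strip().lstrip("v")
    m = re.fullmatch(r"(\d+)\.(\d+)(?:\.(\d+))?(?:-?(alpha|beta|rc)\d*)?", v, re.I)
    if not m:
        return None  # e.g. 2.0.x-dev or dev-main: no release to compare against
    return int(m[1]), int(m[2]), int(m[3] or 0), bool(m[4])


def email_tfa_status(lock_text):
    """Classify a composer.lock as absent, vulnerable, patched or unknown."""
    lock = json.loads(lock_text)
    packages = lock.get("packages", []) + lock.get("packages-dev", [])
    for pkg in packages:
        if pkg.get("name", "").lower() != PACKAGE:
            continue
        parsed = parse_version(pkg.get("version", ""))
        if parsed is None:
            return "unknown"  # dev checkout: inspect the commit manually
        release, prerelease = parsed[:3], parsed[3]
        # A pre-release of 2.0.6 sorts before 2.0.6, so it counts as affected.
        if release < FIXED or (release == FIXED and prerelease):
            return "vulnerable"
        return "patched"
    return "absent"


# Constructed sample lock file, not taken from a real site.
SAMPLE_LOCK = json.dumps({
    "packages": [
        {"name": "drupal/core", "version": "10.3.1"},
        {"name": "drupal/email_tfa", "version": "2.0.5"},
    ],
    "packages-dev": [],
})

if __name__ == "__main__":
    print(PACKAGE, "->", email_tfa_status(SAMPLE_LOCK))
```

A result of "unknown" means the lock file pins a development branch, so the installed commit has to be checked by hand.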

Added: Nov 18, 2025, 5:41 PM
Updated: Nov 18, 2025, 10:30 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 5.0
exploitability: 5.2
remediation: 7.7
relevance: 1.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.