Drupal Email Two-Factor Authentication Weak Authentication Vulnerability Allowing Brute Force

Vulnerability

A weak authentication vulnerability has been identified in the Drupal Email Two-Factor Authentication (TFA) module, versions 0.0.0 prior to 2.0.3. This vulnerability allows brute force attacks, potentially compromising user accounts by exploiting the TFA authentication process.

Impact

Exploitation of this vulnerability could lead to unauthorized access to user accounts by bypassing or weakening the two-factor authentication mechanism.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

6.6

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

6.6

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Drupal Email Two-Factor Authentication Weak Authentication Vulnerability Allowing Brute Force

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating