Frappe Press 2FA Bypass Vulnerability

Vulnerability

A vulnerability in the Frappe custom app 'Press', which operates on Frappe Cloud, allows users to bypass two-factor authentication (2FA) during login. This issue arises from insufficient server-side validation of 2FA, enabling unauthorized access. The vulnerability affects versions of the app prior to the commit ddb439f8eb1816010f2ef653a908648b71f9bba8.
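The advisory does not describe how the bypass worked, so the following is an added example of the general server-side pattern, not code from Press or its patch: a session is issued only after the server itself has verified a TOTP code for any account that has 2FA enabled. All names (`login`, `USERS`, `client_says_2fa_done`) and the sample accounts are hypothetical, and the sketch assumes RFC 6238 TOTP as the second factor.

```python
import base64, hashlib, hmac, secrets, struct, time

def totp(secret_b32, at=None, step=30, digits=6):
    """RFC 6238 TOTP (HMAC-SHA1) for a base32-encoded shared secret."""
    counter = max(0, int((time.time() if at is None else at) // step))
    key = base64.b32decode(secret_b32)
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

# Constructed sample accounts (hypothetical; not Press's data model).
# Passwords are plaintext only to keep the sketch short.
USERS = {
    "alice@example.com": {"password": "correct horse",
                          # RFC 6238 test secret "12345678901234567890"
                          "totp_secret": "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"},
    "bob@example.com": {"password": "hunter2", "totp_secret": None},
}
SESSIONS = {}  # token -> email, kept server-side

def _same(a, b):
    """Constant-time string comparison."""
    return hmac.compare_digest(a.encode(), b.encode())

def login(email, password, totp_code=None, client_says_2fa_done=False, now=None):
    """Return a session token, or None if any required factor is missing."""
    user = USERS.get(email)
    if user is None or not _same(user["password"], password):
        return None
    secret = user["totp_secret"]
    if secret is not None:
        # Whether 2FA is required comes from the server's own record.
        # client_says_2fa_done stands for any client-controlled claim that
        # the second factor was already checked; it is deliberately ignored.
        now = time.time() if now is None else now
        window = [totp(secret, now + drift) for drift in (-30, 0, 30)]
        if totp_code is None or not any(_same(totp_code, c) for c in window):
            return None
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = email  # issued only after every required factor passed
    return token
```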

Impact

Exploitation of this vulnerability allows users to bypass 2FA login requirements, potentially leading to unauthorized access to user accounts.

Remediation

Users can update to the version that includes the patch for this vulnerability, available in the commit ddb439f8eb1816010f2ef653a908648b71f9bba8.

Added: Jul 8, 2025, 5:34 PM
Updated: Jul 8, 2025, 5:34 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 5.0
exploitability: 5.9
remediation: 0.0
relevance: 0.2
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.