Drupal Enterprise MFA Authentication Bypass Vulnerability

Vulnerability

An authentication bypass vulnerability has been identified in Drupal Enterprise MFA - TFA for Drupal. This issue allows users to bypass authentication mechanisms, potentially leading to unauthorized access. The vulnerability affects versions prior to 4.8.0, 5.2.0 through 5.2.1, and 5.0.* prior to 5.1.*.

Impact

Exploitation of this vulnerability allows for authentication bypass, enabling unauthorized users to gain access to restricted areas or functionalities.

Added: Jun 26, 2025, 2:28 PM

Updated: Jun 26, 2025, 2:28 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

7.4

remediation

0.0

relevance

0.2

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

7.4

remediation

0.0

relevance

0.2

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Drupal Enterprise MFA Authentication Bypass Vulnerability

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating