CVE-2025-31676

Description

Weak Authentication vulnerability in Drupal Email TFA allows Brute Force.This issue affects Email TFA: from 0.0.0 before 2.0.3.

Reserved 2025-03-31 | Published 2025-03-31 | Updated 2025-04-29 | Assigner drupal

Problem types

CWE-1390 Weak Authentication

Product status

Default status
unaffected

0.0.0 before 2.0.3
affected

Credits

Ursin Cola finder

Ursin Cola remediation developer

abdulaziz zaid remediation developer

Greg Knaddison coordinator

Juraj Nemec coordinator

References

www.drupal.org/sa-contrib-2025-001

cve.org (CVE-2025-31676)

nvd.nist.gov (CVE-2025-31676)

Download JSON