CVE-2022-28601

medium

Description

A Two-Factor Authentication (2FA) bypass vulnerability in "Simple 2FA Plugin for Moodle" by LMS Doctor allows remote attackers to overwrite the phone number used for confirmation via the profile.php file. Therefore, allowing them to bypass the phone verification mechanism.

References

https://www.lmsdoctor.com/simple-2-factor-authentication-plugin-for-moodle

https://github.com/FlaviuPopescu/CVE-2022-28601

Details

Source: Mitre, NVD

Published: 2022-05-10

Updated: 2022-05-23

Risk Information

CVSS v2

Base Score: 4

Vector: CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N