wagtail-2fa@1.2.0 vulnerabilities

Two factor authentication for Wagtail

  • latest version

    1.6.9

  • latest non vulnerable version

  • first published

    6 years ago

  • latest version published

    1 year ago

  • licenses detected

  • Direct Vulnerabilities

    Known vulnerabilities in the wagtail-2fa package. This does not include vulnerabilities belonging to this package’s dependencies.

    Vulnerability | Vulnerable Version
    • H
    Access Restriction Bypass

    wagtail-2fa is a Django app adding two factor authentication to Wagtail.

    Affected versions of this package are vulnerable to Access Restriction Bypass. Any user with access to the CMS could view and delete other users' 2FA devices by going to the correct path. By deleting another user's device they can disable the target user's 2FA devices and potentially compromise the account if they figure out their password.

    How to fix Access Restriction Bypass?

    Upgrade wagtail-2fa to version 1.4.1 or higher.

    [,1.4.1)
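    The defect described above is a missing object-level authorization check: a device view that trusts the device id from the URL without confirming the requesting user owns it. The following stand-alone Python model is an added illustration, not code from wagtail-2fa or Wagtail; it uses no Django imports, the `User`, `TOTPDevice` and `DeviceStore` types are constructed here, and the rule that a superuser may also manage devices is an assumption of the example, not something the advisory states.

```python
"""Object-level authorization for per-user 2FA device views.

Constructed stand-alone model (plain Python, no Django/Wagtail imports) of the
two patterns behind the Access Restriction Bypass advisory: a delete view that
only looks the device up by id, and one that also checks ownership.
"""
from dataclasses import dataclass
from typing import Iterable, Optional


@dataclass(frozen=True)
class User:
    id: int
    is_superuser: bool = False


@dataclass(frozen=True)
class TOTPDevice:
    id: int
    user_id: int          # owner of the device
    name: str


class DeviceStore:
    """In-memory stand-in for the devices table (constructed for the example)."""

    def __init__(self, devices: Iterable[TOTPDevice]):
        self._devices = {d.id: d for d in devices}

    def get(self, device_id: int) -> Optional[TOTPDevice]:
        return self._devices.get(device_id)

    def remove(self, device_id: int) -> None:
        del self._devices[device_id]

    def ids(self) -> list:
        return sorted(self._devices)


def can_manage_device(actor: User, device: TOTPDevice) -> bool:
    """Authorization rule: only the owner (or, by assumption here, a superuser)
    may view or delete a device."""
    return actor.is_superuser or device.user_id == actor.id


def delete_device_unchecked(store: DeviceStore, actor: User, device_id: int) -> bool:
    """Vulnerable pattern: the device id from the URL is trusted as-is, so any
    authenticated CMS user can delete any other user's device."""
    device = store.get(device_id)
    if device is None:
        return False
    store.remove(device_id)
    return True


def delete_device_checked(store: DeviceStore, actor: User, device_id: int) -> bool:
    """Hardened pattern: refuse unless the requesting user may manage the device.
    Returning False for both 'not found' and 'not yours' also avoids confirming
    which device ids exist."""
    device = store.get(device_id)
    if device is None or not can_manage_device(actor, device):
        return False
    store.remove(device_id)
    return True


def demo() -> tuple:
    """Bob attempts to delete Alice's device through each pattern."""
    alice, bob = User(1), User(2)
    vulnerable_store = DeviceStore([TOTPDevice(10, alice.id, "alice-phone")])
    hardened_store = DeviceStore([TOTPDevice(10, alice.id, "alice-phone")])
    removed_unchecked = delete_device_unchecked(vulnerable_store, bob, 10)  # True
    removed_checked = delete_device_checked(hardened_store, bob, 10)        # False
    return removed_unchecked, removed_checked, hardened_store.ids()


if __name__ == "__main__":
    print(demo())  # (True, False, [10])
```

The practical fix in a Django view is the same shape: query the device through the requesting user's own relation (for example, filtering on the current user) rather than by bare primary key, so that a foreign id resolves to "not found" rather than to someone else's device.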
    • H
    Improper Access Control

    wagtail-2fa is a Django app adding two factor authentication to Wagtail.

    Affected versions of this package are vulnerable to Improper Access Control. If a malicious user gains access to someone's Wagtail login credentials, they can log into the CMS and bypass the 2FA check by changing the URL. They can then add a new device and gain full access to the CMS.

    How to fix Improper Access Control?

    Upgrade wagtail-2fa to version 1.3.0 or higher.

    [,1.3.0)
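    The weakness described here is enforcement applied at one place (the page a user lands on after login) rather than to every CMS request, so a user who already holds a password can reach other CMS URLs, including the device-enrolment page, before the second factor has been verified. The following stand-alone Python model is an added illustration, not code from wagtail-2fa or Wagtail and not Django's middleware API; the `/admin/` prefix, the `/admin/2fa/verify/` path, the exempt-path set and the `Request`/`Response` types are constructed for the example.

```python
"""Request-level enforcement of the second factor for every CMS path.

Constructed stand-alone model (plain Python, no Django middleware API) of the
Improper Access Control advisory: a gate applied only to the post-login landing
page can be skipped by requesting another CMS URL directly; a gate applied to
every request under the CMS prefix cannot.
"""
from dataclasses import dataclass
from typing import Optional

CMS_PREFIX = "/admin/"                     # assumed CMS URL prefix
VERIFY_PATH = "/admin/2fa/verify/"         # hypothetical OTP verification page
# Paths that must stay reachable before the OTP is verified, otherwise the
# user could never complete verification or log out.
EXEMPT_PATHS = {VERIFY_PATH, "/admin/login/", "/admin/logout/"}


@dataclass(frozen=True)
class Request:
    path: str
    authenticated: bool = False
    otp_verified: bool = False   # session flag set only after a successful OTP check


@dataclass(frozen=True)
class Response:
    status: int
    redirect_to: Optional[str] = None


def cms_view(request: Request) -> Response:
    """Stand-in for any CMS view, including the 'add a new device' page."""
    return Response(200)


def needs_second_factor(request: Request) -> bool:
    """True when an authenticated user has not yet verified their OTP.
    Unauthenticated requests are left to the ordinary login redirect."""
    return request.authenticated and not request.otp_verified


def gate_landing_page_only(request: Request) -> Response:
    """Vulnerable pattern: the check lives only in the landing-page view, so a
    request for any other CMS URL never passes through it."""
    if request.path == CMS_PREFIX and needs_second_factor(request):
        return Response(302, VERIFY_PATH)
    return cms_view(request)


def gate_every_cms_request(request: Request) -> Response:
    """Hardened pattern: middleware-style check on every request under
    CMS_PREFIX, except the small set of paths needed to verify or leave."""
    if (request.path.startswith(CMS_PREFIX)
            and request.path not in EXEMPT_PATHS
            and needs_second_factor(request)):
        return Response(302, VERIFY_PATH)
    return cms_view(request)


def demo() -> tuple:
    """Password-only session requesting the device-enrolment page directly."""
    req = Request("/admin/2fa/devices/new/", authenticated=True, otp_verified=False)
    return gate_landing_page_only(req).status, gate_every_cms_request(req).status


if __name__ == "__main__":
    print(demo())  # (200, 302)
```

For detection, the same rule gives a useful audit signal: a CMS request served with 200 for a session that has no verified-OTP marker should not occur once the middleware-style gate is in place, so such log lines indicate either a missing exemption or a regression.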