Incorrect Implementation of Authentication Algorithm Affecting github.com/mattermost/mattermost/server/platform/shared/mfa package, versions >=9.5.0 <9.5.11 >=9.11.0 <9.11.3 >=10.0.0 <10.1.0
- Snyk ID SNYK-GOLANG-GITHUBCOMMATTERMOSTMATTERMOSTSERVERPLATFORMSHAREDMFA-8366642
- published 12 Nov 2024
- disclosed 9 Nov 2024
- credit DoyenSec
Introduced: 9 Nov 2024
CVE-2024-36250
How to fix?
Upgrade github.com/mattermost/mattermost/server/platform/shared/mfa to version 9.5.11, 9.11.3, 10.1.0 or higher.
Overview
Affected versions of this package are vulnerable to Incorrect Implementation of Authentication Algorithm due to the improper handling of the MFA code. An attacker can reuse the MFA code within approximately 30 seconds by exploiting the lack of protection against replay attacks.
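The replay condition described in the Overview, as an added Go example (not Mattermost's code and not the actual patch): a TOTP verifier that records the newest 30-second time-step accepted per user, so a code that has already authenticated once is refused for the rest of its validity window. The `ReplayGuard` type, the `totp` helper, the user name, the secret and the timestamp are constructed for illustration.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha1"
	"encoding/binary"
	"fmt"
	"sync"
	"time"
)

// totp returns the 6-digit RFC 6238 code (HMAC-SHA1) for a 30-second time-step counter.
func totp(secret []byte, counter uint64) string {
	mac := hmac.New(sha1.New, secret)
	binary.Write(mac, binary.BigEndian, counter)
	sum := mac.Sum(nil)
	off := sum[len(sum)-1] & 0x0f
	return fmt.Sprintf("%06d", (binary.BigEndian.Uint32(sum[off:])&0x7fffffff)%1000000)
}

// ReplayGuard remembers the newest time-step already accepted for each user.
type ReplayGuard struct {
	mu   sync.Mutex
	last map[string]uint64
}

// Verify accepts a code for the current or previous step only if that step is newer than the last one used.
func (g *ReplayGuard) Verify(user string, secret []byte, code string, now time.Time) bool {
	g.mu.Lock()
	defer g.mu.Unlock()
	cur := uint64(now.Unix()) / 30
	for _, c := range []uint64{cur, cur - 1} {
		if !hmac.Equal([]byte(totp(secret, c)), []byte(code)) {
			continue
		}
		if last, seen := g.last[user]; seen && c <= last {
			return false // same or older step already used: replay
		}
		g.last[user] = c
		return true
	}
	return false
}

func main() {
	g := &ReplayGuard{last: map[string]uint64{}}
	secret, now := []byte("constructed-demo-secret"), time.Unix(1700000000, 0) // constructed values
	code := totp(secret, uint64(now.Unix())/30)
	fmt.Println(g.Verify("alice", secret, code, now), g.Verify("alice", secret, code, now.Add(5*time.Second)))
}
```

In a multi-node deployment the last-accepted step has to live in shared storage and be updated atomically with the check; the in-memory map here only shows the logic.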