WordPress Google Authenticator Plugin <= 0.47 - Authentication Bypass

google-authenticator

Software: Google Authenticator
Versions: <= 0.47
Disclosure date: 2016-04-28
CVE: CVE-N/A
Classification: Bypass Vulnerability
OWASP Top 10: A2: Broken Authentication and Session Management

Details

This plugin is prone to a two-factor authentication bypass vulnerability. An attacker who holds a valid password can bypass the two-factor OTP check by using an email address.

Solution

Upgrade this plugin.
