CNNVD-202511-2044 Information

CNNVD ID

CNNVD-202511-2044

Related CVE

CVE-2025-12760

• CNNVD Published: 2025-11-18

Description (Chinese)

Drupal Email TFA是Drupal社区的一个为 Drupal 提供基于电子邮件的两因素认证功能的模块。 Drupal Email TFA 2.0.6之前版本存在安全漏洞，该漏洞源于使用替代路径或通道绕过身份验证，可能导致功能绕过。

Description (English)

Drupal Email TFA is a module for the Drupal community that provides the two-factor authentication function for Drupal based on e-mail. There was a security loophole in the pre-Drupal Email TFA 2.0.6 version, which stemmed from the use of alternative paths or channels to bypass identification, which could lead to a functional circumvention.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Drupal

Published

2025-11-18

Last Modified

2026-02-24

References

https://www.drupal.org/sa-contrib-2025-115 https://vigilance.fr/vulnerability/Drupal-Email-TFA-user-access-dated-06-11-2025-48675

Patch

https://www.drupal.org/project/email_tfa/releases