DRUPAL-CONTRIB-2025-009

See a problem?
Import Source
https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/alogin/DRUPAL-CONTRIB-2025-009.json
JSON Data
https://api.osv.dev/v1/vulns/DRUPAL-CONTRIB-2025-009
Aliases
Published
2025-01-29T16:54:02Z
Modified
2025-12-10T23:41:19.864509Z
Summary
[none]
Details

This module allows a site to setup two factor authentication via QR code using authenticator applications on mobile devices including phones.

The module does not properly protect its custom paths, allowing one user to access a different user's two factor configuration.

References
Credits

Affected packages

Packagist:https://packages.drupal.org/8 / drupal/alogin

Package

Name
drupal/alogin
Purl
pkg:composer/drupal/alogin

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.0.6
Database specific 
{
    "constraint": "<2.0.6"
}

Database specific

affected_versions 
"<2.0.6"
source 
"https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/alogin/DRUPAL-CONTRIB-2025-009.json"