Developer Network™

Download
Launch

Security Announcements

[20171102] - Core - 2-factor-authentication bypass

  • Project: Joomla!
  • SubProject: CMS
  • Severity: Medium
  • Versions: 3.2.0 through 3.8.1
  • Exploit type: 
  • Reported Date: 2017-October-31
  • Fixed Date: 2017-November-07
  • CVE Number: CVE-2017-16634

Description

A bug allowed third parties to bypass a user's 2-factor-authentication method.

Affected Installs

Joomla! CMS versions 3.2.0 through 3.8.1

Solution

Upgrade to version 3.8.2

Contact

The JSST at the Joomla! Security Centre.

Reported By: Yarince