← volver
CVE-2019-12363

CVE-2019-12363

EPSS 0.6%
An CSRF issue was discovered in the JN-Jones MyBB-2FA plugin through 2014-11-05 for MyBB. An attacker can forge a request to an installed mybb2fa plugin to control its state via usercp.php?action=mybb2fa&do=deactivate (or usercp.php?action=mybb2fa&do=activate). A deactivate operation lowers the security of the targeted account by disabling two factor authentication.
Productos afectados
n/a · n/a

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://community.mybb.com/thread-162369.htmlhttps://seekurity.com/blog/advisories/mybb-two-factor-authentication-extension-vulnerabilities/