WordPress Plugin Vulnerabilities

WP 2FA < 2.3.0 - Time-Based Side-Channel Attack

Description

The plugin uses comparison operators that don't mitigate time-based attacks, which could be abused to leak information about the authentication codes being compared.

Affects Plugins

wp-2fa

Fixed in version 2.3.0

References

CVE

CVE-2022-2891

Classification

Type

SENSITIVE DATA DISCLOSURE

OWASP top 10

A3: Sensitive Data Exposure

CWE

CWE-200

Miscellaneous

Original Researcher

Calvin Alkan

Submitter

Calvin

Submitter website

https://snicco.io

Verified

Yes

WPVDB ID

301b3dce-2584-46ec-92ed-1c0626522120

Timeline

Publicly Published

2022-09-14 (about 8 months ago)

Added

2022-09-14 (about 8 months ago)

Last Updated

2022-09-14 (about 8 months ago)

Our Other Services

WPScan WordPress Security Plugin