Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistWPScanCVELIST:CVE-2022-2891
HistoryOct 10, 2022 - 12:00 a.m.

CVE-2022-2891 WP 2FA < 2.3.0 - Time-Based Side-Channel Attack

2022-10-1000:00:00
WPScan
www.cve.org
3
wp 2fa
wordpress
time-based side-channel attack
vulnerable
authentication codes

EPSS

0.002

Percentile

58.7%

JSON

The WP 2FA WordPress plugin before 2.3.0 uses comparison operators that don’t mitigate time-based attacks, which could be abused to leak information about the authentication codes being compared.

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "WP 2FA",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThan": "2.3.0"
      }
    ],
    "defaultStatus": "unaffected",
    "collectionURL": "https://wordpress.org/plugins"
  }
]

Related

cve 1
nvd 1
patchstack 1
wpvulndb 1
prion 1
cve
cve
CVE-2022-2891
2022-10-10 21:15:10
nvd
nvd
CVE-2022-2891
2022-10-10 21:15:10
patchstack
patchstack
WordPress WP 2FA plugin <= 2.2.1 - Time-Based Side-Channel Attack vulnerability
2022-09-14 00:00:00
wpvulndb
wpvulndb
WP 2FA < 2.3.0 - Time-Based Side-Channel Attack
2022-09-14 00:00:00
prion
prion
Authentication flaw
2022-10-10 21:15:00

EPSS

0.002

Percentile

58.7%

JSON
Related for CVELIST:CVE-2022-2891
cve1nvd1patchstack1wpvulndb1prion1