Lucene search
Veracode Vulnerability DatabaseVERACODE:36940HistorySep 05, 2022 - 10:36 a.m.
Authentication Bypass
2022-09-0510:36:54
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
11
authentication bypass
two-factor authentication
recovery codes
vulnerability
software
EPSS
0.001
Percentile
30.4%
github.com/drakkan/sftpgo is vulnerable to authentication bypass attacks. The library authorizes recovery codes to be generated before enabling two-factor authentication which allows an attacker who knows the user’s password to potentially generate some recovery codes and then bypass two-factor authentication after it is enabled on the account at a later time.
Related
prion
prion
Authentication flaw
2022-09-02 18:15:00
cvelist
cvelist
CVE-2022-36071 Recovery codes abuse in SFTPGo
2022-09-02 17:15:12
cve
cve
CVE-2022-36071
2022-09-02 18:15:12
osv
osv
SFTPGo vulnerable to recovery codes abuse
2022-09-16 21:05:28
CVE-2022-36071
2022-09-02 18:15:12
SFTPGo vulnerable to recovery codes abuse in github.com/drakkan/sftpgo
2024-08-21 16:03:21
nvd
nvd
CVE-2022-36071
2022-09-02 18:15:12
github
github
SFTPGo vulnerable to recovery codes abuse
2022-09-16 21:05:28