Security Advisory 2024-07-21

Authentication Bypass in phpMyFAQ

Issued on:
2024-07-21
Software:
phpMyFAQ <= 4.0.0-alpha.2
Risk:
High
Platforms:
all

The phpMyFAQ Team has learned of a security issues that'd been discovered in phpMyFAQ 4.0.0-alpha.2 and earlier. An authentication bypass has been discovered in the phpMyFAQ application. This vulnerability allows attackers to take over accounts that do not have Two-Factor Authentication (2FA) configured.

Description

It was found that the 2FA implementation has a critical flaw. Specifically, the "secret" field for 2FA can be left as a blank string under some conditions, including fresh installations. The vulnerability exists in the handling of the 2FA token in the `index.php` and `TwoFactor.php` files.

Solution

The phpMyFAQ Team has released the new phpMyFAQ version 4.0.0-alpha.3, which fixes the vulnerability. All users of affected phpMyFAQ versions are encouraged to upgrade as soon as possible to this latest version.

Workaround

There's no workaround except installing phpMyFAQ 3.2.8 or phpMyFAQ 4.0.0-alpha.3.

Thanks

The phpMyFAQ team would like to thank Christian Pöschl (CODE WHITE GmbH) for the responsible disclosures of these vulnerability.

Back to the security advisories overview