Security Advisory 2024-07-21
Authentication Bypass in phpMyFAQ
- Issued on:
- 2024-07-21
- Software:
- phpMyFAQ <= 4.0.0-alpha.2
- Risk:
- High
- Platforms:
- all
The phpMyFAQ Team has learned of a security issues that'd been discovered in phpMyFAQ 4.0.0-alpha.2 and
earlier. An authentication bypass has been discovered in the phpMyFAQ application.
This vulnerability allows attackers to take over accounts that do not have Two-Factor Authentication (2FA) configured.
Description
It was found that the 2FA implementation has a critical flaw.
Specifically, the "secret" field for 2FA can be left as a blank string under some conditions, including fresh installations.
The vulnerability exists in the handling of the 2FA token in the `index.php` and `TwoFactor.php` files.
Solution
The phpMyFAQ Team has released the new phpMyFAQ version 4.0.0-alpha.3, which fixes the vulnerability. All
users of affected phpMyFAQ versions are encouraged to upgrade as soon as possible to this latest version.
Workaround
There's no workaround except installing phpMyFAQ 3.2.8 or phpMyFAQ 4.0.0-alpha.3.
Thanks
The phpMyFAQ team would like to thank Christian Pöschl (CODE WHITE GmbH) for the responsible disclosures of these vulnerability.