CVE-2024-13239
Published: 09 January 2025
Summary
CVE-2024-13239 is a critical-severity Weak Authentication (CWE-1390) vulnerability in Two-Factor Authentication Project Two-Factor Authentication. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 30.5% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 IA-5 (Authenticator Management) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2024-13239 is a weak authentication vulnerability in the Drupal Two-factor Authentication (TFA) module that allows authentication abuse. The issue affects TFA versions from 0.0.0 before 1.5.0 and is associated with CWE-1390 and NVD-CWE-Other.
With a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), the vulnerability enables unauthenticated attackers accessible over the network to exploit it with low complexity and no user interaction. Successful exploitation can lead to high impacts on confidentiality, integrity, and availability, potentially allowing full compromise of affected systems through authentication abuse.
The Drupal security advisory SA-CONTRIB-2024-003 at https://www.drupal.org/sa-contrib-2024-003 provides details on mitigation, including the patch released in TFA version 1.5.0. Security practitioners should update to the fixed version promptly.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-51453
Vulnerability details
Weak Authentication vulnerability in Drupal Two-factor Authentication (TFA) allows Authentication Abuse.This issue affects Two-factor Authentication (TFA): from 0.0.0 before 1.5.0.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Critical unauthenticated network-exploitable weakness in public-facing Drupal TFA module directly enables T1190 exploitation and facilitates T1556.006 MFA bypass/abuse leading to full compromise.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Requires timely remediation of the weak authentication flaw in the Drupal TFA module by patching to version 1.5.0, directly preventing exploitation and authentication abuse.
Mandates secure management, distribution, and verification of two-factor authenticators, comprehensively addressing weaknesses in the TFA module's authentication mechanisms.
Ensures monitoring of security advisories like Drupal SA-CONTRIB-2024-003 to detect and act on the TFA vulnerability before exploitation.