Cyber Resilience

CVE-2024-13239

Critical

Published: 09 January 2025
Modified: 04 June 2025
KEV Added: not listed
CVSS Score (v3.1): 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0058 (69.5th percentile)
Risk Priority: 20 (weighting: 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-13239 is a critical-severity Weak Authentication (CWE-1390) vulnerability in the Two-Factor Authentication Project's Two-Factor Authentication product (the Drupal TFA module). Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). By exploit likelihood it ranks in the top 30.5% of CVEs (EPSS 69.5th percentile), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 IA-5 (Authenticator Management) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2024-13239 is a weak authentication vulnerability in the Drupal Two-factor Authentication (TFA) module that allows authentication abuse. The issue affects TFA versions from 0.0.0 before 1.5.0 and is associated with CWE-1390 and NVD-CWE-Other.

With a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), the vulnerability is exploitable over the network by unauthenticated attackers, with low attack complexity and no user interaction. Successful exploitation can lead to high impacts on confidentiality, integrity, and availability, potentially allowing full compromise of affected systems through authentication abuse.

The Drupal security advisory SA-CONTRIB-2024-003 at https://www.drupal.org/sa-contrib-2024-003 provides details on mitigation, including the patch released in TFA version 1.5.0. Security practitioners should update to the fixed version promptly.

Vulnerability details

Weak Authentication vulnerability in Drupal Two-factor Authentication (TFA) allows Authentication Abuse. This issue affects Two-factor Authentication (TFA): from 0.0.0 before 1.5.0.

CWE(s): CWE-1390 (Weak Authentication), NVD-CWE-Other

Related Threats

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1556.006 Multi-Factor Authentication (Defense Impairment)
Adversaries may disable or modify multi-factor authentication (MFA) mechanisms to enable persistent access to compromised accounts.
Why these techniques?

This critical, unauthenticated, network-exploitable weakness in the public-facing Drupal TFA module directly enables T1190 exploitation and facilitates T1556.006 MFA bypass/abuse, leading to full compromise.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2024-13279 (same product: Two-Factor Authentication Project Two-Factor Authentication)
CVE-2025-31694 (same product: Two-Factor Authentication Project Two-Factor Authentication)
CVE-2025-40554 (shared CWE-1390)
CVE-2025-12870 (shared CWE-1390)
CVE-2023-53894 (shared CWE-1390)
CVE-2026-4828 (shared CWE-1390)
CVE-2025-40552 (shared CWE-1390)
CVE-2026-28710 (shared CWE-1390)
CVE-2026-6886 (shared CWE-1390)
CVE-2025-1387 (shared CWE-1390)

Affected Assets

Vendor: two-factor authentication project
Product: two-factor authentication
Versions: ≤ 8.x-1.5

Mitigating Controls (NIST 800-53 r5)

Prevent (SI-2 Flaw Remediation)

Requires timely remediation of the weak authentication flaw in the Drupal TFA module by patching to version 1.5.0, directly preventing exploitation and authentication abuse.

Prevent (IA-5 Authenticator Management)

Mandates secure management, distribution, and verification of two-factor authenticators, comprehensively addressing weaknesses in the TFA module's authentication mechanisms.

Prevent, detect

Ensures monitoring of security advisories such as Drupal SA-CONTRIB-2024-003 to detect and act on the TFA vulnerability before exploitation.