Assigner | Joomla |
Reserved | 2024-01-01 |
Published | 2024-02-20 |
Updated | 2024-07-21 |
Description
The MFA management features did not properly terminate existing user sessions when a user's MFA methods have been modified.
Problem types
CWE-613 Insufficient Session Expiration
Product status
3.2.0-3.10.14
4.0.0-4.4.2
5.0.0-5.0.2
Credits
Carsten Schmitz
References
https://developer.joomla.org/security-centre/925-20240201-core-insufficient-session-expiration-in-mfa-management-views.html