An issue was discovered in phpMyAdmin 4.9 before 4.9.8 and 5.1 before 5.1.2. A valid user who is already authenticated to phpMyAdmin can manipulate their account to bypass two-factor authentication for future login instances.
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Phpmyadmin | Phpmyadmin | 4.9.0 (including) | 4.9.8 (excluding) |
Phpmyadmin | Phpmyadmin | 5.1.0 (including) | 5.1.2 (excluding) |
Phpmyadmin | Ubuntu | esm-apps/focal | * |
Phpmyadmin | Ubuntu | focal | * |
Phpmyadmin | Ubuntu | impish | * |
Phpmyadmin | Ubuntu | kinetic | * |
Phpmyadmin | Ubuntu | lunar | * |
Phpmyadmin | Ubuntu | mantic | * |
Phpmyadmin | Ubuntu | trusty | * |
Phpmyadmin | Ubuntu | xenial | * |