TFA Basic plugins - Less critical - Access bypass - SA-CONTRIB-2025-085
Project
Date
Severity
Less Critical
Affected versions
<7.x-1.3
The TFA Basic plugins module does not sufficiently ensure that users with enhanced privileges are prevented from viewing recovery codes of other users.