CVE-2025-31676
Published: 31 March 2025
Description
Adversaries may use brute force techniques to gain access to accounts when passwords are unknown or when password hashes are obtained.
Security Summary
CVE-2025-31676 is a weak authentication vulnerability in the Drupal Email TFA module that allows brute force attacks against the emailed second factor. The issue affects Email TFA versions from 0.0.0 before 2.0.3 and is classified under CWE-1390 (Weak Authentication) and CWE-307 (Improper Restriction of Excessive Authentication Attempts). It carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H): network accessible, low attack complexity, no user interaction, and high impact on confidentiality, integrity, and availability.
The PR:L component means the attacker already holds the first factor (a valid username and password, for example obtained through phishing or credential stuffing) and is stopped only by the one-time code sent to the account's email address. Because the module does not restrict the number of verification attempts (CWE-307), the attacker can submit candidate codes repeatedly until one is accepted, without any interaction from the victim. A short numeric code with no attempt limit, no lockout, and no expiry bound on the guessing window is enumerable in practice, so the second factor can be bypassed, leading to account takeover, access to the account's data, and, for privileged accounts, further compromise of the Drupal site.
The Drupal security advisory SA-CONTRIB-2025-001 (https://www.drupal.org/sa-contrib-2025-001) details the vulnerability and recommends upgrading to Email TFA version 2.0.3 or later as the primary mitigation.
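The following is an added illustration, not code from the Email TFA module or from the Drupal advisory. It models the two halves of the weakness described above: a verifier that accepts unlimited guesses at a 6-digit emailed code (the CWE-307 pattern), and a hardened verifier that locks out after a small number of wrong guesses, expires the code, compares in constant time, and burns the code once it is used or locked. The code length (6 digits), attempt limit (5), and lifetime (300 s) are hypothetical policy values chosen for the example, not values taken from the module.

```python
"""Added example: why an unthrottled email one-time code is brute-forceable,
and the checks that close it. Not the Email TFA module's code.

Hypothetical policy values for illustration: 6-digit codes, 5 wrong guesses
allowed, 300-second lifetime.
"""
import hmac
import secrets
import time
from dataclasses import dataclass, field
from typing import Callable, Optional

CODE_DIGITS = 6
CODE_SPACE = 10 ** CODE_DIGITS   # 1,000,000 possible codes
MAX_ATTEMPTS = 5                 # hypothetical lockout threshold
CODE_TTL_SECONDS = 300           # hypothetical code lifetime


def issue_code() -> str:
    """Generate a zero-padded code the way a server would email it."""
    return f"{secrets.randbelow(CODE_SPACE):0{CODE_DIGITS}d}"


def success_probability(attempts: int) -> float:
    """Chance that `attempts` distinct guesses hit one uniformly random code."""
    return min(attempts, CODE_SPACE) / CODE_SPACE


@dataclass
class WeakVerifier:
    """CWE-307 pattern: the code stays valid for an unlimited number of guesses."""
    code: str

    def verify(self, guess: str) -> bool:
        return guess == self.code


@dataclass
class HardenedVerifier:
    """Bounded attempts, expiry, constant-time compare, single use."""
    code: str
    issued_at: float = field(default_factory=time.monotonic)
    now: Callable[[], float] = time.monotonic   # injectable clock for tests
    attempts: int = 0
    consumed: bool = False

    def verify(self, guess: str) -> bool:
        if self.consumed:
            return False                        # already used, expired or locked
        if self.now() - self.issued_at > CODE_TTL_SECONDS:
            self.consumed = True                # expired: invalidate permanently
            return False
        self.attempts += 1
        if self.attempts > MAX_ATTEMPTS:
            self.consumed = True                # lockout: burn the code
            return False
        if hmac.compare_digest(guess.encode(), self.code.encode()):
            self.consumed = True                # single use
            return True
        return False


def brute_force(verifier, limit: int = CODE_SPACE) -> Optional[int]:
    """Submit codes 000000, 000001, ... in order, as an attacker holding the
    password would. Returns the number of requests needed for acceptance,
    or None if the verifier never accepted a guess."""
    for n in range(limit):
        if verifier.verify(f"{n:0{CODE_DIGITS}d}"):
            return n + 1
    return None


if __name__ == "__main__":
    code = issue_code()
    print("weak verifier accepted after", brute_force(WeakVerifier(code)), "requests")
    h = HardenedVerifier(code)
    print("hardened verifier accepted after", brute_force(h), "requests;",
          "attempts consumed:", h.attempts, "locked:", h.consumed)
    print(f"success chance with {MAX_ATTEMPTS} guesses: {success_probability(MAX_ATTEMPTS):.1e}")
```

Against the weak verifier the enumeration always terminates, on average after about half the code space, and the only cost is requests; the hardened verifier stops comparing after the fifth wrong guess, so the attacker's chance per emailed code is 5 in 1,000,000 and a fresh code (and a fresh email to the victim) is needed for every further 5 guesses. The upgrade to Email TFA 2.0.3 is the fix for the real module; the block above only shows what class of check that fix has to provide.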
Details
- CWE(s): CWE-1390 (Weak Authentication); CWE-307 (Improper Restriction of Excessive Authentication Attempts)
- Affected Products: Drupal Email TFA module, versions from 0.0.0 before 2.0.3
- MITRE ATT&CK Enterprise Techniques: T1110 Brute Force
Why these techniques?
The vulnerability description explicitly states that weak authentication and the absence of a limit on authentication attempts in the Email TFA module allow brute force. Guessing the emailed one-time code until it is accepted is exactly T1110 Brute Force applied to the second factor, with account takeover as the outcome, so that technique is the direct mapping.