CVE-2026-45749 (CVSS 8.1)
- EPSS 0.32%
- Published 2026-06-05 18:05:11
- Last modified 2026-06-08 14:59:48
- Source security-advisories@github.com
Termix's TOTP two-factor authentication can be disabled or bypassed using only the account password
Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. The `POST /users/totp/disable` and `POST /users/totp/backup-codes` endpoints in Termix prior to version 2.3.2 accept the account password as a sole authentication factor for MFA-critical operations. An attacker who obtains a user's password (phishing, credential stuffing, the passwordHash leak in GHSA-xxxx) can disable TOTP entirely or regenerate backup codes, without ever possessing the TOTP device or knowing a valid TOTP code. This renders two-factor authentication ineffective. Version 2.3.2 patches the issue.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.32% | 0.241 |

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security-advisories@github.com | 8.1 | 2.8 | 5.2 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N |
CWE-308 Use of Single-factor Authentication
The use of single-factor authentication can lead to unnecessary risk of compromise when compared with the benefits of a dual-factor authentication scheme.
https://github.com/Termix-SSH/Termix/releases/tag/release-2.3.2-tag
https://github.com/Termix-SSH/Termix/security/advisories/GHSA-wqfw-rqj7-fv9m