
CVE-2023-28316

Published: May 9, 2023

Modified: Jan 28, 2025

PUBLISHED

Description

A security vulnerability has been discovered in the implementation of 2FA on the rocket.chat platform, where other active sessions are not invalidated upon activating 2FA. This could potentially allow an attacker to maintain access to a compromised account even after 2FA is enabled.

Vendor: n/a

Product: Rocket.Chat

Versions: affected; Fixed in 6.0> and back-ported accordingly to our supported versions. Check https://docs.rocket.chat/resources/get-support/enterprise-support#rocket.chat-versions for more info

Weaknesses (CWE)
