php · filament/filament · Critical
filament/filament: Recovery Code Reuse via Concurrent Submission
What changed
A flaw in the handling of recovery codes for app-based multi-factor authentication allows the same recovery code to be reused via concurrent submission, enabling multiple authenticated sessions per recovery code.
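The race described above, as an added example that is not Filament's code: a check-then-remove handler authenticates two interleaved requests with the same code, while a single conditional DELETE lets only one of them win. The table, function names and sample code are constructed for illustration.

```python
import hashlib
import sqlite3

SAMPLE_CODE = "constructed-sample-code"  # constructed value, not a real recovery code

def digest(code):
    # Assumption: codes are stored hashed, never in plaintext.
    return hashlib.sha256(code.encode()).hexdigest()

def new_store():
    # Hypothetical schema: one row per unused recovery code.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE recovery_codes (user_id INTEGER, code_hash TEXT)")
    db.execute("INSERT INTO recovery_codes VALUES (1, ?)", (digest(SAMPLE_CODE),))
    db.commit()
    return db

def is_valid(db, user_id, code):
    row = db.execute("SELECT 1 FROM recovery_codes WHERE user_id = ? AND code_hash = ?",
                     (user_id, digest(code))).fetchone()
    return row is not None

def consume(db, user_id, code):
    # One statement both checks and removes; the database serializes writers,
    # so only the request whose DELETE removed the row is authenticated.
    cur = db.execute("DELETE FROM recovery_codes WHERE user_id = ? AND code_hash = ?",
                     (user_id, digest(code)))
    db.commit()
    return cur.rowcount == 1

def check_then_remove(db, user_id, code):
    # Replays the interleaving of two concurrent requests: both pass the
    # check before either one removes the code.
    results = [is_valid(db, user_id, code), is_valid(db, user_id, code)]
    consume(db, user_id, code)
    consume(db, user_id, code)
    return results

def atomic(db, user_id, code):
    return [consume(db, user_id, code), consume(db, user_id, code)]

def remaining(db):
    return db.execute("SELECT COUNT(*) FROM recovery_codes").fetchone()[0]

if __name__ == "__main__":
    print("check-then-remove:", check_then_remove(new_store(), 1, SAMPLE_CODE))
    print("atomic consume:   ", atomic(new_store(), 1, SAMPLE_CODE))
```

Each `True` in the returned list stands for one authenticated session, so the first handler yields two sessions from one code and the second yields one.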
Who it affects
Users of filament/filament with app-based MFA and recovery codes enabled.
What to do today
Update to the latest patched version of filament/filament as soon as possible.