Vulnerabilities > CVE-2022-2891 - Information Exposure Through Discrepancy vulnerability in Wpwhitesecurity WP 2FA
Attack vector
NETWORK Attack complexity
HIGH Privileges required
NONE Confidentiality impact
HIGH Integrity impact
NONE Availability impact
NONE Summary
The WP 2FA WordPress plugin before 2.3.0 uses comparison operators that don't mitigate time-based attacks, which could be abused to leak information about the authentication codes being compared.