CVE-2025-69197: PHP TOTP verifyKey() Replay Vulnerability
greprules fetch cve-2025-69197-php-totp-verifykey-replay-vulnerability --engine opengrep

Description

The application validates TOTP codes with `verifyKey()`, which accepts any code that matches a time step inside the configured validity window and keeps no record of codes it has already accepted, so the same code is accepted again on every request until the window expires. An attacker who intercepts a code can therefore replay it within that window and pass the second factor. To prevent this, use `verifyKeyNewer()` and persist the timestamp of the last successful authentication to ensure one-tim
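A self-contained reproduction of the replay and of the fix, added here as an illustration and not taken from the rule or from any PHP library. It is written in Python rather than PHP so it runs with no dependencies; `verify_key()` and `verify_key_newer()` mirror the behaviour the description attributes to the two PHP methods (window search with no state, versus window search that only accepts time steps newer than the last persisted one). The base32 secret, the timestamps and the `Account` store are constructed for the demo, and the choice to persist the matched 30-second time step (rather than a wall-clock second) is an assumption of this example.

```python
import base64
import hashlib
import hmac
import struct
import time

# Constructed demo secret (not a real credential).
DEMO_SECRET_B32 = "JBSWY3DPEHPK3PXP"
PERIOD = 30   # seconds per TOTP time step (RFC 6238 default)
DIGITS = 6


def totp_at(secret_b32: str, counter: int) -> str:
    """RFC 6238 TOTP (HMAC-SHA1, 6 digits) for a given time-step counter."""
    key = base64.b32decode(secret_b32, casefold=True)
    digest = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** DIGITS)).zfill(DIGITS)


def _step(timestamp):
    now = time.time() if timestamp is None else timestamp
    return int(now) // PERIOD


def verify_key(secret_b32, code, window=1, timestamp=None):
    """Vulnerable pattern: true if the code matches any step in
    [now-window, now+window]. Stateless, so a captured code stays valid
    for every request until the window has moved past its step."""
    now = _step(timestamp)
    for counter in range(now - window, now + window + 1):
        if hmac.compare_digest(totp_at(secret_b32, counter).encode(), code.encode()):
            return True
    return False


def verify_key_newer(secret_b32, code, old_step, window=1, timestamp=None):
    """Fixed pattern: same window search, but steps at or before the last
    accepted step (old_step) are never eligible. Returns the matched step,
    which the caller must persist, or False."""
    now = _step(timestamp)
    for counter in range(now - window, now + window + 1):
        if old_step is not None and counter <= old_step:
            continue  # already consumed, or older than a consumed code: reject
        if hmac.compare_digest(totp_at(secret_b32, counter).encode(), code.encode()):
            return counter
    return False


class Account:
    """Constructed per-user record: secret plus the last accepted step."""

    def __init__(self, secret_b32):
        self.secret_b32 = secret_b32
        self.last_step = None


def login_vulnerable(account, code, timestamp):
    return verify_key(account.secret_b32, code, window=1, timestamp=timestamp)


def login_fixed(account, code, timestamp):
    matched = verify_key_newer(account.secret_b32, code, account.last_step,
                               window=1, timestamp=timestamp)
    if matched is False:
        return False
    account.last_step = matched  # persist the matched step, not "now"
    return True


def replay_demo(now=1_700_000_000):
    """Runs the same four requests against both checks and returns
    (vulnerable_results, fixed_results):
      1. genuine login with the current code
      2. attacker replays that code 5 s later (same step)
      3. attacker replays it one step later (still inside window=1)
      4. genuine login with the next step's code
    """
    code = totp_at(DEMO_SECRET_B32, now // PERIOD)
    next_code = totp_at(DEMO_SECRET_B32, now // PERIOD + 1)
    requests = [(code, now), (code, now + 5), (code, now + PERIOD), (next_code, now + PERIOD)]
    vuln, fixed = Account(DEMO_SECRET_B32), Account(DEMO_SECRET_B32)
    return ([login_vulnerable(vuln, c, t) for c, t in requests],
            [login_fixed(fixed, c, t) for c, t in requests])


if __name__ == "__main__":
    print(replay_demo())  # ([True, True, True, True], [True, False, False, True])
```

Two points the demo makes that the description only implies: the replay in request 3 succeeds against `verify_key()` even though a full time step has passed, because the lookback window keeps the old step valid, and the value worth persisting is the step that actually matched (a code accepted one step early because of the forward window must block its own later replay). In a real deployment the read-compare-update of the stored step has to be atomic per account, otherwise two concurrent requests carrying the same captured code can both pass before either writes it back.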