[//]: # (werk v2)
# Fix 2FA bypass via RestAPI
key | value
---------- | ---
date | 2024-09-09T09:29:31+00:00
version | 2.4.0b1
class | security
edition | cre
component | wato
level | 1
compatible | yes
Previous to this Werk the RestAPI did not properly check if a user that is supposed to
authenticated with multiple factors indeed authenticated fully.
This issue was found during internal review.
*Affected Versions*:
* 2.3.0
* 2.2.0
*Vulnerability Management*:
We have rated the issue with a CVSS Score of 9.2 High
(`CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N`) and assigned
`CVE-2024-8606`.