Description
A security vulnerability has been detected in kalcaddle kodbox 1.64. This impacts the function loginAfter/tfaVerify of the file /workspace/source-code/plugins/client/controller/tfa/index.class.php of the component Password Login. The manipulation leads to improper authentication. The attack can be carried out remotely. The attack is considered to have high complexity. The exploitability is said to be difficult. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2026-03-23
Score: 6.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized authentication bypass
Action: Immediate Patch
AI Analysis

Impact

A vulnerability in Kalcaddle Kodbox 1.64 allows an attacker to manipulate the loginAfter/tfaVerify function in the tfa/index.class.php file to bypass two‑factor verification and authenticate as any user, thereby gaining unauthorized access to protected resources. The flaw corresponds to improper authentication (CWE‑287) and enables misuse of accounts, potential data exfiltration, and possible privilege escalation.

Affected Systems

The issue affects Kalcaddle Kodbox version 1.64, specifically the file located at /workspace/source-code/plugins/client/controller/tfa/index.class.php within the Password Login component. No other versions are reported as vulnerable; therefore only installations of 1.64 are at risk until a vendor fix becomes available.

Risk and Exploitability

The CVSS base score of 6.3 indicates moderate severity, and the description notes high attack complexity and difficult exploitability, but confirms that the exploit has been publicly disclosed and may be used. The attack vector is network-based, meaning an attacker does not need local access to trigger the vulnerability. Although exploitation is reported as difficult, the public availability of exploit code raises the likelihood that attackers will attempt to use the flaw, especially if the vendor does not release a patch promptly. The vulnerability is not listed in CISA’s KEV catalog and no EPSS score is available, so its current exploitation probability remains uncertain; nevertheless, the potential for unauthorized access warrants immediate mitigation.

Generated by OpenCVE AI on March 23, 2026 at 17:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Verify whether Kalcaddle has released an official patch or updated version for Kodbox 1.64 and apply it immediately if available.
  • If a patch is not yet released, limit remote access to the authentication endpoint using firewall rules or IP allowlisting to reduce exposure.
  • Disable or block the tfaVerify endpoint temporarily if possible, while maintaining service functionality through an alternative authentication flow.
  • Enable detailed logging for authentication attempts and review the logs for suspicious activity, verifying that two‑factor verification is genuinely enforced.
  • Monitor the system for anomalous login activity and consider temporary boundary controls until a permanent fix is applied.

Advisories

No advisories yet.

History

Tue, 24 Mar 2026 10:45:00 +0000

Type: First Time appeared
Values Added: Kalcaddle; Kalcaddle kodbox

Type: Vendors & Products
Values Added: Kalcaddle; Kalcaddle kodbox

Mon, 23 Mar 2026 18:15:00 +0000

Type: Metrics
Values Added: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 23 Mar 2026 16:15:00 +0000

Type: Description
Values Added: A security vulnerability has been detected in kalcaddle kodbox 1.64. This impacts the function loginAfter/tfaVerify of the file /workspace/source-code/plugins/client/controller/tfa/index.class.php of the component Password Login. The manipulation leads to improper authentication. The attack can be carried out remotely. The attack is considered to have high complexity. The exploitability is said to be difficult. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Type: Title
Values Added: kalcaddle kodbox Password Login index.class.php tfaVerify improper authentication

Type: Weaknesses
Values Added: CWE-287

Type: References
Values Added:

Type: Metrics
Values Added:
  cvssV2_0 {'score': 5.1, 'vector': 'AV:N/AC:H/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}
  cvssV3_0 {'score': 5.6, 'vector': 'CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
  cvssV3_1 {'score': 5.6, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
  cvssV4_0 {'score': 6.3, 'vector': 'CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-03-23T17:51:46.217Z

Reserved: 2026-03-22T11:40:32.961Z

Link: CVE-2026-4592

Vulnrichment

Updated: 2026-03-23T17:50:59.886Z

NVD

Status: Deferred

Published: 2026-03-23T16:16:52.973

Modified: 2026-04-24T16:32:53.997

Link: CVE-2026-4592

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-25T20:37:28Z

Weaknesses