CVE-2026-45749— Termix 安全漏洞

Termix's TOTP two-factor authentication can be disabled or bypassed using only the account password

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. The `POST /users/totp/disable` and `POST /users/totp/backup-codes` endpoints in Termix prior to version 2.3.2 accept the account password as a sole authentication factor for MFA-critical operations. An attacker who obtains a user's password (phishing, credential stuffing, the passwordHash leak in GHSA-xxxx) can disable TOTP entirely or regenerate backup codes, without ever possessing the TOTP device or knowing a valid TOTP code. This renders two-factor authentication ineffective. Version 2.3.2 patches the issue.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

使用单一因素认证机制

Termix 安全漏洞

Termix是Karmaa个人开发者的一个服务器管理平台。 Termix 2.3.2之前版本存在安全漏洞，该漏洞源于POST /users/totp/disable和POST /users/totp/backup-codes端点仅接受账户密码作为MFA关键操作的唯一身份验证因素，可能导致获取用户密码的攻击者禁用TOTP或重新生成备份代码，使双因素身份验证失效。

N/A

N/A