Cal.com Authentication Bypass via bad TOTP + password checks

Cal.com is open-source scheduling software. Prior to 5.9.8, A flaw in the login credentials provider allows an attacker to bypass password verification when a TOTP code is provided, potentially gaining unauthorized access to user accounts. This issue exists due to problematic conditional logic in the authentication flow. This vulnerability is fixed in 5.9.8.

N/A

认证算法的不正确实现

Cal.com 安全漏洞

Cal.com是Cal.com开源的一个开源的日程安排软件。 Cal.com 5.9.8之前版本存在安全漏洞，该漏洞源于登录凭证提供程序存在逻辑缺陷，可能导致绕过密码验证和未授权访问。

N/A

N/A