CVE-2026-45749: CWE-308: Use of Single-factor Authentication in Termix-SSH Termix
Termix versions prior to 2. 3. 2 contain a vulnerability where critical multi-factor authentication (MFA) operations can be performed using only the account password. Specifically, the endpoints for disabling TOTP and regenerating backup codes accept just the password without requiring the TOTP code. This flaw allows an attacker who has obtained a user's password to bypass two-factor authentication protections. The issue is fixed in Termix version 2. 3. 2.
AI Analysis
Technical Summary
CVE-2026-45749 describes a weakness in Termix-SSH's Termix platform where the POST endpoints /users/totp/disable and /users/totp/backup-codes accept only the account password to perform MFA-sensitive actions. This effectively reduces MFA to single-factor authentication, enabling attackers with the password to disable TOTP or generate backup codes without the TOTP device or code. The vulnerability is classified as CWE-308 (Use of Single-factor Authentication) and affects versions prior to 2.3.2. The CVSS v3.1 score is 8.1, indicating high severity. No official remediation level or patch link is provided in the data, but version 2.3.2 is noted as patched.
Potential Impact
An attacker who obtains a user's password through phishing, credential stuffing, or other means can bypass two-factor authentication by disabling TOTP or regenerating backup codes without needing the second factor. This compromises the confidentiality and integrity of user accounts, allowing unauthorized access with high impact on confidentiality and integrity, but no direct impact on availability is indicated.
Mitigation Recommendations
Upgrade Termix to version 2.3.2 or later, where this vulnerability is fixed. Since the vendor advisory or patch links are not explicitly provided, verify the update from official Termix sources before applying. Until patched, consider additional controls to protect user passwords and monitor for suspicious account activity related to MFA settings changes.
CVE-2026-45749: CWE-308: Use of Single-factor Authentication in Termix-SSH Termix
Description
Termix versions prior to 2. 3. 2 contain a vulnerability where critical multi-factor authentication (MFA) operations can be performed using only the account password. Specifically, the endpoints for disabling TOTP and regenerating backup codes accept just the password without requiring the TOTP code. This flaw allows an attacker who has obtained a user's password to bypass two-factor authentication protections. The issue is fixed in Termix version 2. 3. 2.
CVSS v3.1
Score 8.1high
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2026-45749 describes a weakness in Termix-SSH's Termix platform where the POST endpoints /users/totp/disable and /users/totp/backup-codes accept only the account password to perform MFA-sensitive actions. This effectively reduces MFA to single-factor authentication, enabling attackers with the password to disable TOTP or generate backup codes without the TOTP device or code. The vulnerability is classified as CWE-308 (Use of Single-factor Authentication) and affects versions prior to 2.3.2. The CVSS v3.1 score is 8.1, indicating high severity. No official remediation level or patch link is provided in the data, but version 2.3.2 is noted as patched.
Potential Impact
An attacker who obtains a user's password through phishing, credential stuffing, or other means can bypass two-factor authentication by disabling TOTP or regenerating backup codes without needing the second factor. This compromises the confidentiality and integrity of user accounts, allowing unauthorized access with high impact on confidentiality and integrity, but no direct impact on availability is indicated.
Mitigation Recommendations
Upgrade Termix to version 2.3.2 or later, where this vulnerability is fixed. Since the vendor advisory or patch links are not explicitly provided, verify the update from official Termix sources before applying. Until patched, consider additional controls to protect user passwords and monitor for suspicious account activity related to MFA settings changes.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-05-13T06:54:34.220Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a23130be29bf47b50a3ecee
Added to database: 6/5/2026, 6:18:51 PM
Last enriched: 6/5/2026, 6:33:45 PM
Last updated: 6/5/2026, 7:28:54 PM
Views: 4
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.