In Joomla! before 3.8.2, a bug allowed third parties to bypass a user's 2-factor authentication method.Referenceshttp://www.securityfocus.com/bid/101701https://developer.joomla.org/security-centre/713-20171102-core-2-factor-authentication-bypasshttp://www.securitytracker.com/id/1039757
