An issue in Roundcube Plus Plugin: Two Factor Authentication (x2fa) 1.0 to 1.1.8 allows attackers to bypass the security mechanism and gain unauthorized access via a crafted request.