Skip to main content

Devise Two Factor

2 CVEs product

Monthly

CVE-2024-8796 Ruby MEDIUM PATCH This Month

Under the default configuration, Devise-Two-Factor versions >= 2.2.0 & < 6.0.0 generate TOTP shared secrets that are 120 bits instead of the 128-bit minimum defined by RFC 4226. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Devise Two Factor
NVD GitHub
CVSS 4.0
6.0
EPSS
0.6%
CVE-2015-7225 Ruby MEDIUM PATCH This Month

Tinfoil Devise-two-factor before 2.0.0 does not strictly follow section 5.2 of RFC 6238 and does not "burn" a successfully validated one-time password (aka OTP), which allows remote or physically. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable.

Information Disclosure Devise Two Factor
NVD GitHub
CVSS 3.0
5.3
EPSS
0.6%
EPSS 1% CVSS 6.0
MEDIUM PATCH This Month

Under the default configuration, Devise-Two-Factor versions >= 2.2.0 & < 6.0.0 generate TOTP shared secrets that are 120 bits instead of the 128-bit minimum defined by RFC 4226. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Devise Two Factor
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

Tinfoil Devise-two-factor before 2.0.0 does not strictly follow section 5.2 of RFC 6238 and does not "burn" a successfully validated one-time password (aka OTP), which allows remote or physically. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable.

Information Disclosure Devise Two Factor
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy