Lucene search
PRIOn knowledge basePRION:CVE-2015-7225HistorySep 06, 2017 - 9:29 p.m.
Code injection
2017-09-0621:29:00
PRIOn knowledge base
www.prio-n.com
Tinfoil Devise-two-factor before 2.0.0 does not strictly follow section 5.2 of RFC 6238 and does not “burn” a successfully validated one-time password (aka OTP), which allows remote or physically proximate attackers with a target user’s login credentials to log in as said user by obtaining the OTP through performing a man-in-the-middle attack between the provider and verifier, or shoulder surfing, and replaying the OTP in the current time-step.
| CPE | Name | Operator | Version |
|---|---|---|---|
| devise-two-factor | le | 1.1.0 |
Related
osv
osv
Tinfoil Devise-two-factor does not "burn" a successfully validated one-time password (OTP)
2018-08-28 22:34:15
CVE-2021-43177
2022-04-11 20:15:16
Improper one time password handling in devise-two-factor
2022-04-07 22:09:03
nvd
nvd
CVE-2015-7225
2017-09-06 21:29:00
CVE-2021-43177
2022-04-11 20:15:16
ubuntucve
ubuntucve
CVE-2015-7225
2017-09-06 00:00:00
CVE-2021-43177
2022-04-11 00:00:00
cve
cve
CVE-2015-7225
2017-09-06 21:29:00
CVE-2021-43177
2022-04-11 20:15:16
github
github
Tinfoil Devise-two-factor does not "burn" a successfully validated one-time password (OTP)
2018-08-28 22:34:15
Improper one time password handling in devise-two-factor
2022-04-07 22:09:03
debiancve
debiancve
CVE-2015-7225
2017-09-06 21:29:00
CVE-2021-43177
2022-04-11 20:15:16
cvelist
cvelist
CVE-2015-7225
2017-09-06 21:00:00
CVE-2021-43177
2022-04-11 19:37:40
rubygems
rubygems
Improper one time password handling in devise-two-factor
2022-04-06 21:00:00
veracode
veracode
Time-Based One-Time Password Algorithm (TOPT) Replay Attack
2022-04-12 07:15:00
prion
prion
Design/Logic Flaw
2022-04-11 20:15:00