Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
prionPRIOn knowledge basePRION:CVE-2024-0227
HistoryJan 11, 2024 - 8:15 p.m.

Design/Logic Flaw

2024-01-1120:15:00
PRIOn knowledge base
www.prio-n.com
7
devise-two-factor
login throttling
brute-force
totp
entropy limitations
2fa mechanism

AI Score

7.1

Confidence

Low

EPSS

0

Percentile

9.0%

JSON

Devise-Two-Factor does not throttle or otherwise restrict login attempts at the server by default. When combined with the Time-based One Time Password algorithm’s (TOTP) inherent entropy limitations, it’s possible for an attacker to bypass the 2FA mechanism through brute-force attacks.

Related

nvd 1
cve 1
cvelist 1
github 1
veracode 1
osv 2
nvd
nvd
CVE-2024-0227
2024-01-11 20:15:44
cve
cve
CVE-2024-0227
2024-01-11 20:15:44
cvelist
cvelist
CVE-2024-0227
2024-01-11 19:35:51
github
github
Devise-Two-Factor vulnerable to brute force attacks
2024-01-12 15:13:05
veracode
veracode
Brute Force Attack
2024-01-12 09:57:14
osv
osv
Devise-Two-Factor vulnerable to brute force attacks
2024-01-12 15:13:05
CVE-2024-0227
2024-01-11 20:15:44

AI Score

7.1

Confidence

Low

EPSS

0

Percentile

9.0%

JSON
Related for PRION:CVE-2024-0227
nvd1cve1cvelist1github1veracode1osv2