50 matches found
EUVD-2024-2856
Malicious code in bioql PyPI...
EUVD-2022-1774
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2024-8796
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Under the default configuration, Devise-Two-Factor versions = 2.2.0 & = 2.2.0 & 6.0.0 generate TOTP shared secrets that are 120 bits instead of the 128-bit...
CVE-2021-43177
As a result of an incomplete fix for CVE-2015-7225, in versions of devise-two-factor prior to 4.0.2 it is possible to reuse a One-Time-Password OTP for one and only one immediately trailing interval. CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N...
Linux Distros Unpatched Vulnerability : CVE-2021-43177
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - As a result of an incomplete fix for CVE-2015-7225, in versions of devise-two-factor prior to 4.0.2 it is possible to reuse a One-Time-Password OTP for one and...
Ubuntu: Security Advisory (USN-7050-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-7050-1 ruby-devise-two-factor vulnerabilities
Benoit Côté-Jodoin and Michael Nipper discovered that Devise-Two-Factor incorrectly handled one-time password validation. An attacker could possibly use this issue to intercept and re-use a one-time password. CVE-2021-43177 Garrett Rappaport discovered that Devise-Two-Factor incorrectly handled...
Ubuntu 20.04 LTS / 22.04 LTS : Devise-Two-Factor vulnerabilities (USN-7050-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7050-1 advisory. Benoit Ct-Jodoin and Michael Nipper discovered that Devise-Two-Factor incorrectly handled one-time password validation. An attacker could...
Insufficient Entropy
devise-two-factor is vulnerable to Insufficient Entropy. The vulnerability is due to the generation of TOTP shared secrets that are only 120 bits, shorter than the 128-bit minimum defined by RFC 4226, allowing an attacker to more easily guess the shared secret and generate valid TOTP codes...
GHSA-QJXF-MC72-WJR2 Devise-Two-Factor Authentication Uses Insufficient Default OTP Shared Secret Length
Summary Under the default configuration, Devise-Two-Factor versions 1.0.0 or = 4.0.0 & 6.0.0 generate TOTP shared secrets that are 120 bits instead of the 128-bit minimum defined by RFC 4226. Using a shared secret shorter than the minimum to generate a multi-factor authentication code could make ...
Insufficient Entropy
Overview Affected versions of this package are vulnerable to Insufficient Entropy due to the use of an insufficient default, OTP shared secret length. Workaround If upgrading to the fixed version is not possible, users are advised to override the default otpsecretlength attribute in the model whe...
Devise-Two-Factor Authentication Uses Insufficient Default OTP Shared Secret Length
Summary Under the default configuration, Devise-Two-Factor versions 1.0.0 or = 4.0.0 & 6.0.0 generate TOTP shared secrets that are 120 bits instead of the 128-bit minimum defined by RFC 4226. Using a shared secret shorter than the minimum to generate a multi-factor authentication code could make ...
CVE-2024-8796
Under the default configuration, Devise-Two-Factor versions = 2.2.0 & 6.0.0 generate TOTP shared secrets that are 120 bits instead of the 128-bit minimum defined by RFC 4226. Using a shared secret shorter than the minimum to generate a multi-factor authentication code could make it easier for an...
CVE-2024-8796
Under the default configuration, Devise-Two-Factor versions = 2.2.0 & 6.0.0 generate TOTP shared secrets that are 120 bits instead of the 128-bit minimum defined by RFC 4226. Using a shared secret shorter than the minimum to generate a multi-factor authentication code could make it easier for an...
DEBIAN-CVE-2024-8796
Under the default configuration, Devise-Two-Factor versions = 2.2.0 & 6.0.0 generate TOTP shared secrets that are 120 bits instead of the 128-bit minimum defined by RFC 4226. Using a shared secret shorter than the minimum to generate a multi-factor authentication code could make it easier for an...
UBUNTU-CVE-2024-8796
Under the default configuration, Devise-Two-Factor versions = 2.2.0 & 6.0.0 generate TOTP shared secrets that are 120 bits instead of the 128-bit minimum defined by RFC 4226. Using a shared secret shorter than the minimum to generate a multi-factor authentication code could make it easier for an...
CVE-2024-8796 Insufficient Default OTP Shared Secret Length
Under the default configuration, Devise-Two-Factor versions = 2.2.0 & 6.0.0 generate TOTP shared secrets that are 120 bits instead of the 128-bit minimum defined by RFC 4226. Using a shared secret shorter than the minimum to generate a multi-factor authentication code could make it easier for an...
CVE-2024-8796 Insufficient Default OTP Shared Secret Length
Under the default configuration, Devise-Two-Factor versions = 2.2.0 & 6.0.0 generate TOTP shared secrets that are 120 bits instead of the 128-bit minimum defined by RFC 4226. Using a shared secret shorter than the minimum to generate a multi-factor authentication code could make it easier for an...
CVE-2024-8796
CVE-2024-8796 affects the Devise-Two-Factor library. Under default configuration, versions >= 2.2.0 and
CVE-2024-8796
Under the default configuration, Devise-Two-Factor versions = 2.2.0 & 6.0.0 generate TOTP shared secrets that are 120 bits instead of the 128-bit minimum defined by RFC 4226. Using a shared secret shorter than the minimum to generate a multi-factor authentication code could make it easier for an...