Lucene search
K

10 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.14 views

EUVD-2022-1774

Malicious code in bioql PyPI...

5.3CVSS5.4AI score0.00846EPSS
Exploits0References5
Veracode
Veracode
added 2022/04/12 7:15 a.m.29 views

Time-Based One-Time Password Algorithm (TOPT) Replay Attack

devise-two-factor is vulnerable to time-based one-time password algorithm TOPT replay attacks. A remote attacker is able to reuse the one-time-password immediately trailing the interval in order to gain access to the victim's account given that the attacker already knows the victim's credentials...

5.3CVSS3.9AI score0.01782EPSS
Exploits0References2Affected Software2
UbuntuCve
UbuntuCve
added 2022/04/11 8:15 p.m.48 views

CVE-2021-43177

As a result of an incomplete fix for CVE-2015-7225, in versions of devise-two-factor prior to 4.0.2 it is possible to reuse a One-Time-Password OTP for one and only one immediately trailing interval. CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N...

5.3CVSS6.1AI score0.00846EPSS
Exploits0References5
Prion
Prion
added 2022/04/11 8:15 p.m.19 views

Design/Logic Flaw

As a result of an incomplete fix for CVE-2015-7225, in versions of devise-two-factor prior to 4.0.2 it is possible to reuse a One-Time-Password OTP for one and only one immediately trailing interval. CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N...

3.5CVSS5.1AI score0.01782EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2022/04/11 8:15 p.m.3 views

UBUNTU-CVE-2021-43177

As a result of an incomplete fix for CVE-2015-7225, in versions of devise-two-factor prior to 4.0.2 it is possible to reuse a One-Time-Password OTP for one and only one immediately trailing interval. CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N...

5.3CVSS6AI score0.00846EPSS
Exploits0References6
OSV
OSV
added 2022/04/07 10:9 p.m.40 views

GHSA-JM35-H8Q2-73MP Improper one time password handling in devise-two-factor

Impact As a result of an incomplete fix for CVE-2015-7225, in versions of devise-two-factor prior to 4.0.2 it is possible to reuse a One-Time-Password OTP for one and only one immediately trailing interval. Patches This vulnerability has been patched in version 4.0.2 which was released on March...

5.3CVSS5.1AI score0.00846EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2022/04/07 10:9 p.m.27 views

Improper one time password handling in devise-two-factor

Impact As a result of an incomplete fix for CVE-2015-7225, in versions of devise-two-factor prior to 4.0.2 it is possible to reuse a One-Time-Password OTP for one and only one immediately trailing interval. Patches This vulnerability has been patched in version 4.0.2 which was released on March...

5.3CVSS1.4AI score0.00846EPSS
Exploits0References5Affected Software1
RubySec
RubySec
added 2022/04/07 12:0 a.m.27 views

Improper one time password handling in devise-two-factor

Impact As a result of an incomplete fix for CVE-2015-7225, in versions of devise-two-factor prior to 4.0.2 it is possible to reuse a One-Time-Password OTP for one and only one immediately trailing interval. Patches This vulnerability has been patched in version 4.0.2 which was released on March...

5.3CVSS2.7AI score0.01782EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2017/09/06 9:29 p.m.9 views

CVE-2015-7225

Tinfoil Devise-two-factor before 2.0.0 does not strictly follow section 5.2 of RFC 6238 and does not "burn" a successfully validated one-time password aka OTP, which allows remote or physically proximate attackers with a target user's login credentials to log in as said user by obtaining the OTP...

5.3CVSS5.2AI score
Exploits0References9
CVE
CVE
added 2017/09/06 9:0 p.m.91 views

CVE-2015-7225

Concretely, CVE-2015-7225 affects devise-two-factor prior to v4.0.2, where an OTP can be reused for one immediately trailing time interval due to an incomplete fix. Multiple connected records (e.g., CVE-2021-43177 references) confirm the vulnerability pattern and the remediation: upgrade to devis...

5.3CVSS5.1AI score0.01782EPSS
Exploits0References6Affected Software1
Rows per page
Query Builder