CVE-2024-0227
Devise-Two-Factor is vulnerable to brute-force attacks due to no throttling of login attempts by default, allowing an attacker to test possible TOTP codes if username/password are compromised. Documents from RubySec and GitHub advisories describe an attacker bypassing 2FA by brute-forcing TOTP, w...