5 matches found
Ubuntu: Security Advisory (USN-7050-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu 20.04 LTS / 22.04 LTS : Devise-Two-Factor vulnerabilities (USN-7050-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7050-1 advisory. Benoit Ct-Jodoin and Michael Nipper discovered that Devise-Two-Factor incorrectly handled one-time password validation. An attacker could...
CVE-2024-8796
Under the default configuration, Devise-Two-Factor versions = 2.2.0 & 6.0.0 generate TOTP shared secrets that are 120 bits instead of the 128-bit minimum defined by RFC 4226. Using a shared secret shorter than the minimum to generate a multi-factor authentication code could make it easier for an...
CVE-2024-8796 Insufficient Default OTP Shared Secret Length
Under the default configuration, Devise-Two-Factor versions = 2.2.0 & 6.0.0 generate TOTP shared secrets that are 120 bits instead of the 128-bit minimum defined by RFC 4226. Using a shared secret shorter than the minimum to generate a multi-factor authentication code could make it easier for an...
CVE-2024-8796 Insufficient Default OTP Shared Secret Length
Under the default configuration, Devise-Two-Factor versions = 2.2.0 & 6.0.0 generate TOTP shared secrets that are 120 bits instead of the 128-bit minimum defined by RFC 4226. Using a shared secret shorter than the minimum to generate a multi-factor authentication code could make it easier for an...