2 matches found
Time-Based One-Time Password Algorithm (TOTP) Replay Attack
devise-two-factor is vulnerable to Time-Based One-Time Password (TOTP) replay attacks. A remote attacker is able to reuse the one-time password immediately trailing the interval in order to gain access to the victim's account, given that the attacker already knows the victim's credentials...
devise-two-factor 1.1.0 and earlier vulnerable to replay attacks
An OTP replay vulnerability in devise-two-factor 1.1.0 and earlier allows local attackers to shoulder-surf a user's TOTP verification code and use it to log in after the user has authenticated. By not "burning" a previously used TOTP, devise-two-factor allows a narrow window of opportunity aka the...