9 matches found

Github Security Blog
added 2018/08/28 10:34 p.m., 33 views

Tinfoil Devise-two-factor does not "burn" a successfully validated one-time password (OTP)

Tinfoil Devise-two-factor before 2.0.0 does not strictly follow RFC 6238 § 5.2 and does not "burn" a successfully validated one-time password aka OTP, which allows physically proximate attackers with a target user's login credentials to log in as said user by obtaining the OTP through performing ...

CVSS: 5.3, AI score: 5.4, EPSS: 0.01782
Exploits: 0, References: 10, Affected Software: 1

OSV
added 2018/08/28 10:34 p.m., 20 views

GHSA-X489-JJWM-52G7 Tinfoil Devise-two-factor does not "burn" a successfully validated one-time password (OTP)

Tinfoil Devise-two-factor before 2.0.0 does not strictly follow RFC 6238 § 5.2 and does not "burn" a successfully validated one-time password aka OTP, which allows physically proximate attackers with a target user's login credentials to log in as said user by obtaining the OTP through performing ...

CVSS: 5.3, AI score: 5, EPSS: 0.01782
Exploits: 0, References: 11

UbuntuCve
added 2017/09/06 9:29 p.m., 18 views

CVE-2015-7225

Tinfoil Devise-two-factor before 2.0.0 does not strictly follow section 5.2 of RFC 6238 and does not "burn" a successfully validated one-time password aka OTP, which allows remote or physically proximate attackers with a target user's login credentials to log in as said user by obtaining the OTP...

CVSS: 5.3, AI score: 6.1, EPSS: 0.01782
Exploits: 0, References: 2

Prion
added 2017/09/06 9:29 p.m., 11 views

Code injection

Tinfoil Devise-two-factor before 2.0.0 does not strictly follow section 5.2 of RFC 6238 and does not "burn" a successfully validated one-time password aka OTP, which allows remote or physically proximate attackers with a target user's login credentials to log in as said user by obtaining the OTP...

CVSS: 3.5, AI score: 7.1, EPSS: 0.01782
Exploits: 0, References: 6, Affected Software: 1

OSV
added 2017/09/06 9:29 p.m., 8 views

CVE-2015-7225

Tinfoil Devise-two-factor before 2.0.0 does not strictly follow section 5.2 of RFC 6238 and does not "burn" a successfully validated one-time password aka OTP, which allows remote or physically proximate attackers with a target user's login credentials to log in as said user by obtaining the OTP...

CVSS: 5.3, AI score: 5.2
Exploits: 0, References: 9

OSV
added 2017/09/06 9:29 p.m., 3 views

UBUNTU-CVE-2015-7225

Tinfoil Devise-two-factor before 2.0.0 does not strictly follow section 5.2 of RFC 6238 and does not "burn" a successfully validated one-time password aka OTP, which allows remote or physically proximate attackers with a target user's login credentials to log in as said user by obtaining the OTP...

CVSS: 5.3, AI score: 6, EPSS: 0.01782
Exploits: 0, References: 3

NVD
added 2017/09/06 9:29 p.m., 18 views

CVE-2015-7225

Tinfoil Devise-two-factor before 2.0.0 does not strictly follow section 5.2 of RFC 6238 and does not "burn" a successfully validated one-time password aka OTP, which allows remote or physically proximate attackers with a target user's login credentials to log in as said user by obtaining the OTP...

CVSS: 5.3, AI score: 5.2, EPSS: 0.01782
Exploits: 0, References: 6

Cvelist
added 2017/09/06 9:0 p.m., 25 views

CVE-2015-7225

Tinfoil Devise-two-factor before 2.0.0 does not strictly follow section 5.2 of RFC 6238 and does not "burn" a successfully validated one-time password aka OTP, which allows remote or physically proximate attackers with a target user's login credentials to log in as said user by obtaining the OTP...

AI score: 5.1, EPSS: 0.01782
Exploits: 0, References: 6

Debian CVE
added 2017/09/06 9:0 p.m., 17 views

CVE-2015-7225

Tinfoil Devise-two-factor before 2.0.0 does not strictly follow section 5.2 of RFC 6238 and does not "burn" a successfully validated one-time password aka OTP, which allows remote or physically proximate attackers with a target user's login credentials to log in as said user by obtaining the OTP...

CVSS: 5.3, AI score: 5.2, EPSS: 0.01782
Exploits: 0