GHSA-X489-JJWM-52G7 Tinfoil Devise-two-factor does not "burn" a successfully validated one-time password (OTP)

Tinfoil Devise-two-factor before 2.0.0 does not strictly follow RFC 6238 § 5.2 and does not "burn" a successfully validated one-time password aka OTP, which allows physically proximate attackers with a target user's login credentials to log in as said user by obtaining the OTP through performing ...

Tinfoil Devise-two-factor does not "burn" a successfully validated one-time password (OTP)

Tinfoil Devise-two-factor before 2.0.0 does not strictly follow RFC 6238 § 5.2 and does not "burn" a successfully validated one-time password aka OTP, which allows physically proximate attackers with a target user's login credentials to log in as said user by obtaining the OTP through performing ...

CVE-2015-7225

Tinfoil Devise-two-factor before 2.0.0 does not strictly follow section 5.2 of RFC 6238 and does not "burn" a successfully validated one-time password aka OTP, which allows remote or physically proximate attackers with a target user's login credentials to log in as said user by obtaining the OTP...

CVE-2015-7225

Tinfoil Devise-two-factor before 2.0.0 does not strictly follow section 5.2 of RFC 6238 and does not "burn" a successfully validated one-time password aka OTP, which allows remote or physically proximate attackers with a target user's login credentials to log in as said user by obtaining the OTP...

Code injection

Tinfoil Devise-two-factor before 2.0.0 does not strictly follow section 5.2 of RFC 6238 and does not "burn" a successfully validated one-time password aka OTP, which allows remote or physically proximate attackers with a target user's login credentials to log in as said user by obtaining the OTP...

UBUNTU-CVE-2015-7225

Tinfoil Devise-two-factor before 2.0.0 does not strictly follow section 5.2 of RFC 6238 and does not "burn" a successfully validated one-time password aka OTP, which allows remote or physically proximate attackers with a target user's login credentials to log in as said user by obtaining the OTP...

CVE-2015-7225

Tinfoil Devise-two-factor before 2.0.0 does not strictly follow section 5.2 of RFC 6238 and does not "burn" a successfully validated one-time password aka OTP, which allows remote or physically proximate attackers with a target user's login credentials to log in as said user by obtaining the OTP...

CVE-2015-7225

Tinfoil Devise-two-factor before 2.0.0 does not strictly follow section 5.2 of RFC 6238 and does not "burn" a successfully validated one-time password aka OTP, which allows remote or physically proximate attackers with a target user's login credentials to log in as said user by obtaining the OTP...

CVE-2015-7225

Tinfoil Devise-two-factor before 2.0.0 does not strictly follow section 5.2 of RFC 6238 and does not "burn" a successfully validated one-time password aka OTP, which allows remote or physically proximate attackers with a target user's login credentials to log in as said user by obtaining the OTP...