Tinfoilsecurity Security Vulnerabilities

CVE-2021-43177

As a result of an incomplete fix for CVE-2015-7225, in versions of devise-two-factor prior to 4.0.2 it is possible to reuse a One-Time-Password (OTP) for one (and only one) immediately trailing interval. CVSS Vector:...

CVSS: 5.3

AI Score: 5

EPSS: 0.002

2022-04-11 08:15 PM
66

CVE-2015-7225

Tinfoil Devise-two-factor before 2.0.0 does not strictly follow section 5.2 of RFC 6238 and does not "burn" a successfully validated one-time password (aka OTP), which allows remote or physically proximate attackers with a target user's login credentials to log in as said user by obtaining the OTP....

CVSS: 5.3

AI Score: 5.1

EPSS: 0.002

2017-09-06 09:29 PM
58