3 matches found
CVE-2021-43177
CVE-2021-43177 affects Devise-Two-Factor prior to 4.0.2. The vulnerability results from an incomplete fix for CVE-2015-7225, allowing an attacker to reuse a one-time password (OTP) for the immediately trailing interval. The issue is documented across multiple sources (e.g., NVD, GN, Debian, Ubunt...
CVE-2015-7225
CVE-2015-7225 affects devise-two-factor prior to v4.0.2, where an OTP can be reused for one immediately trailing time interval due to an incomplete fix. Multiple connected records (e.g., CVE-2021-43177 references) confirm the vulnerability pattern and the remediation: upgrade to devis...
CVE-2024-8796
CVE-2024-8796 affects the Devise-Two-Factor library. Under default configuration, versions >= 2.2.0 and