Lucene search
Veracode Vulnerability DatabaseVERACODE:35061HistoryApr 12, 2022 - 7:15 a.m.
Time-Based One-Time Password Algorithm (TOPT) Replay Attack
2022-04-1207:15:00
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
15
0.002 Low
EPSS
Percentile
61.7%
devise-two-factor is vulnerable to time-based one-time password algorithm (TOPT) replay attacks. A remote attacker is able to reuse the one-time-password immediately trailing the interval in order to gain access to the victim’s account given that the attacker already knows the victim’s credentials and is able to shoulder surf the victims second factor device. Note : This is due an incomplete fix for CVE-2015-7225.
Related
debiancve
debiancve
CVE-2021-43177
2022-04-11 20:15:16
CVE-2015-7225
2017-09-06 21:29:00
ubuntucve
ubuntucve
CVE-2021-43177
2022-04-11 00:00:00
CVE-2015-7225
2017-09-06 00:00:00
prion
prion
Design/Logic Flaw
2022-04-11 20:15:00
Code injection
2017-09-06 21:29:00
cve
cve
CVE-2021-43177
2022-04-11 20:15:16
CVE-2015-7225
2017-09-06 21:29:00
cvelist
cvelist
CVE-2021-43177
2022-04-11 19:37:40
CVE-2015-7225
2017-09-06 21:00:00
github
github
Improper one time password handling in devise-two-factor
2022-04-07 22:09:03
nvd
nvd
CVE-2021-43177
2022-04-11 20:15:16
CVE-2015-7225
2017-09-06 21:29:00
osv
osv
Improper one time password handling in devise-two-factor
2022-04-07 22:09:03
CVE-2021-43177
2022-04-11 20:15:16
rubygems
rubygems
Improper one time password handling in devise-two-factor
2022-04-06 21:00:00