Vulnerability Information
Vulnerability Title
N/A
Vulnerability Description
Tinfoil Devise-two-factor before 2.0.0 does not strictly follow section 5.2 of RFC 6238 and does not "burn" a successfully validated one-time password (aka OTP), which allows remote or physically proximate attackers with a target user's login credentials to log in as said user by obtaining the OTP through performing a man-in-the-middle attack between the provider and verifier, or shoulder surfing, and replaying the OTP in the current time-step.
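The missing "burn" step from RFC 6238 section 5.2, shown as an added Ruby example that is not code from devise-two-factor: a verifier that only checks the code, next to one that records the last consumed time-step and rejects reuse. The `User` struct, its `last_step` field, the function names and the one-step drift window are assumptions made for illustration; the secret is the RFC 4226 test key.

```ruby
require 'openssl'

STEP = 30 # seconds per time-step (RFC 6238 default)

# RFC 4226 HOTP: HMAC-SHA1 over the 8-byte counter, dynamic truncation, 6 digits.
def hotp(secret, counter)
  mac = OpenSSL::HMAC.digest('SHA1', secret, [counter].pack('Q>'))
  offset = mac.bytes.last & 0x0f
  code = mac.byteslice(offset, 4).unpack1('N') & 0x7fffffff
  format('%06d', code % 1_000_000)
end

# Comparison that does not exit early on the first differing byte.
def same?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# last_step is a hypothetical per-user column holding the last accepted time-step.
User = Struct.new(:secret, :last_step)

# Behaviour the advisory describes: the OTP is validated but never burned,
# so the same code is accepted again within its time-step.
def verify_without_burn(user, otp, now)
  same?(hotp(user.secret, now.to_i / STEP), otp)
end

# RFC 6238 section 5.2: only the first valid OTP for a time-step is accepted.
def verify_and_burn(user, otp, now, drift: 1)
  current = now.to_i / STEP
  (current - drift..current + drift).each do |step|
    next if user.last_step && step <= user.last_step # already consumed
    next unless same?(hotp(user.secret, step), otp)
    user.last_step = step # in real storage, persist atomically with the check
    return true
  end
  false
end
```

In a real application the `last_step` update has to be committed in the same transaction (or under the same row lock) as the comparison, otherwise two concurrent logins can both pass the check.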
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Tinfoil Security Devise-two-factor security vulnerability
Vulnerability Description
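Tinfoil Security Devise-two-factor is a two-factor authentication extension from Tinfoil Security, a US company. Versions of Tinfoil Security Devise-two-factor before 2.0.0 contain a security bypass vulnerability. A remote or physically proximate attacker can exploit this vulnerability to carry out a man-in-the-middle attack and log in as the user.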
CVSS Information
N/A
Vulnerability Type
N/A