Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
As a result of an incomplete fix for CVE-2015-7225, in versions of devise-two-factor prior to 4.0.2 it is possible to reuse a One-Time-Password (OTP) for one (and only one) immediately trailing interval. CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N)
CVSS Information
N/A
Vulnerability Type
7PK-安全功能
Vulnerability Title
Devise-Two-Factor 安全漏洞
Vulnerability Description
Devise-Two-Factor是一个 Devise 的极简扩展。用于通过 TOTP 方案提供对双因素身份验证的支持。 Devise-Two-Factor 4.0.2 之前的版本中存在安全漏洞,攻击者可以将一次性密码 (OTP) 重用于一个(并且只有一个)紧随其后的间隔。
CVSS Information
N/A
Vulnerability Type
N/A