ROTP 6.2.2 and 6.2.1 has 0666 permissions for the .rb files.

The Ruby One Time Password library (ROTP) is an open source library for generating and validating one time passwords. Affected versions had overly permissive default permissions. Users should patch to version 6.3.0. Users unable to patch may correct file permissions after installation.

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

缺省权限不正确

Ruby One Time Password Library 安全漏洞

Ruby One Time Password Library是适用于Ruby的一次性密码库。 Ruby One Time Password Library (ROTP)存在安全漏洞，该漏洞源于默认权限限制不当。

N/A

N/A