Lucene search
Veracode Vulnerability DatabaseVERACODE:35061HistoryApr 12, 2022 - 7:15 a.m.
Time-Based One-Time Password Algorithm (TOPT) Replay Attack
2022-04-1207:15:00
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
19
topt
replay attack
vulnerable
devise-two-factor
remote attacker
one-time-password
shoulder surf
cve-2015-7225
software
EPSS
0.002
Percentile
61.6%
devise-two-factor is vulnerable to time-based one-time password algorithm (TOPT) replay attacks. A remote attacker is able to reuse the one-time-password immediately trailing the interval in order to gain access to the victim’s account given that the attacker already knows the victim’s credentials and is able to shoulder surf the victims second factor device. Note : This is due an incomplete fix for CVE-2015-7225.
Related
github
github
Improper one time password handling in devise-two-factor
2022-04-07 22:09:03
cve
cve
CVE-2021-43177
2022-04-11 20:15:16
CVE-2015-7225
2017-09-06 21:29:00
cvelist
cvelist
CVE-2021-43177
2022-04-11 19:37:40
CVE-2015-7225
2017-09-06 21:00:00
prion
prion
Design/Logic Flaw
2022-04-11 20:15:00
Code injection
2017-09-06 21:29:00
debiancve
debiancve
CVE-2021-43177
2022-04-11 20:15:16
CVE-2015-7225
2017-09-06 21:29:00
ubuntucve
ubuntucve
CVE-2021-43177
2022-04-11 00:00:00
CVE-2015-7225
2017-09-06 00:00:00
osv
osv
Improper one time password handling in devise-two-factor
2022-04-07 22:09:03
CVE-2021-43177
2022-04-11 20:15:16
rubygems
rubygems
Improper one time password handling in devise-two-factor
2022-04-06 21:00:00
devise-two-factor 1.1.0 and earlier vulnerable to replay attacks
2015-09-16 21:00:00
nvd
nvd
CVE-2021-43177
2022-04-11 20:15:16
CVE-2015-7225
2017-09-06 21:29:00