CVE-2024-0227

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-0227
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVSS

No CVSS.

References

No reference.

Configurations

No configuration.

History

18 Mar 2024, 14:15

Type Values Removed Values Added
CWE CWE-307
CVSS v2 : unknown
v3 : 8.1 		v2 : unknown
v3 : unknown
References
  • {'url': 'https://github.com/devise-two-factor/devise-two-factor/security/advisories/GHSA-chcr-x7hc-8fp8', 'name': 'https://github.com/devise-two-factor/devise-two-factor/security/advisories/GHSA-chcr-x7hc-8fp8', 'tags': ['Mitigation', 'Vendor Advisory'], 'refsource': ''}
Summary Devise-Two-Factor does not throttle or otherwise restrict login attempts at the server by default. When combined with the Time-based One Time Password algorithm's (TOTP) inherent entropy limitations, it's possible for an attacker to bypass the 2FA mechanism through brute-force attacks. Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CPE cpe:2.3:a:tinfoilsecurity:devise-two-factor:*:*:*:*:*:*:*:*

18 Jan 2024, 18:32

Type Values Removed Values Added
References () https://github.com/devise-two-factor/devise-two-factor/security/advisories/GHSA-chcr-x7hc-8fp8 - () https://github.com/devise-two-factor/devise-two-factor/security/advisories/GHSA-chcr-x7hc-8fp8 - Mitigation, Vendor Advisory
First Time Tinfoilsecurity
Tinfoilsecurity devise-two-factor
CPE cpe:2.3:a:tinfoilsecurity:devise-two-factor:*:*:*:*:*:*:*:*
CWE CWE-307
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 8.1

11 Jan 2024, 20:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-01-11 20:15

Updated : 2024-04-16 18:42

NVD link : CVE-2024-0227

Mitre link : CVE-2024-0227

CVE.ORG link : CVE-2024-0227

JSON object : View

Products Affected

No product.

CWE

No CWE.