CVE-2024-0227

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

CVSS

No CVSS.

References

No reference.

Configurations

No configuration.

History

18 Mar 2024, 14:15

Type	Values Removed	Values Added
CPE	cpe:2.3:a:tinfoilsecurity:devise-two-factor::::::::
References	~~{'url': 'https://github.com/devise-two-factor/devise-two-factor/security/advisories/GHSA-chcr-x7hc-8fp8', 'tags': ['Mitigation', 'Vendor Advisory'], 'source': 'disclosure@synopsys.com'}~~
CVSS	v2 : ~~unknown~~ v3 : ~~8.1~~	v2 : unknown v3 : unknown
Summary	(es) Devise-Two-Factor no acelera ni restringe los intentos de inicio de sesión en el servidor de forma predeterminada. Cuando se combina con las limitaciones de entropía inherentes del algoritmo de Time-based One Time Password (TOTP), es posible que un atacante evite el mecanismo 2FA mediante ataques de fuerza bruta.
Summary	(en) Devise-Two-Factor does not throttle or otherwise restrict login attempts at the server by default. When combined with the Time-based One Time Password algorithm's (TOTP) inherent entropy limitations, it's possible for an attacker to bypass the 2FA mechanism through brute-force attacks.	(en) Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CWE	~~CWE-307~~

18 Jan 2024, 18:32

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-01-11 20:15

Updated : 2024-03-18 14:15

NVD link : CVE-2024-0227

Mitre link : CVE-2024-0227

CVE.ORG link : CVE-2024-0227

JSON object : View

Products Affected

No product.

CWE

No CWE.