CVE-2015-7225 : Tinfoil Devise-two-factor before 2.0.0 does not strictly follow section 5.2 of R

Tinfoil Devise-two-factor before 2.0.0 does not strictly follow section 5.2 of RFC 6238 and does not "burn" a successfully validated one-time password (aka OTP), which allows remote or physically proximate attackers with a target user's login credentials to log in as said user by obtaining the OTP through performing a man-in-the-middle attack between the provider and verifier, or shoulder surfing, and replaying the OTP in the current time-step.

Published 2017-09-06 21:29:01

Updated 2017-09-21 18:57:10

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2015-7225

Tinfoilsecurity » Devise-two-factor
Versions up to, including, (<=) 1.1.0
cpe:2.3:a:tinfoilsecurity:devise-two-factor:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2015-7225

EPSS FAQ

0.42%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 61 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2015-7225

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
3.5	LOW	AV:N/AC:M/Au:S/C:P/I:N/A:N	6.8	2.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: Single Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None
5.3	MEDIUM	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N	1.6	3.6	NIST
Attack Vector: Network Attack Complexity: High Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: None Availability: None

CWE ids for CVE-2015-7225

CWE-254

Assigned by: nvd@nist.gov (Primary)

References for CVE-2015-7225

http://www.openwall.com/lists/oss-security/2015/06/20/4

oss-security - CVE Request: MITM & Shoulder-surfing vuln in Ruby OTP/HOTP/TOTP library "ROPT"
Mailing List;VDB Entry
https://github.com/tinfoil/devise-two-factor/issues/45#issuecomment-139335608

Security Bug · Issue #45 · tinfoil/devise-two-factor · GitHub
Third Party Advisory
http://www.openwall.com/lists/oss-security/2015/09/17/2

oss-security - Re: CVE Request: TOTP Replay Attack in Ruby library "devise-two-factor"
Mailing List;VDB Entry
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=798466

#798466 - ruby-devise-two-factor: CVE-2015-7225: TOTP Replay Attack - Debian Bug report logs
Mailing List;Third Party Advisory
http://www.securityfocus.com/bid/76789

Tinfoil Devise-two-factor CVE-2015-7225 Security Bypass Vulnerability
Third Party Advisory;VDB Entry
https://github.com/tinfoil/devise-two-factor/blob/master/UPGRADING.md

devise-two-factor/UPGRADING.md at master · tinfoil/devise-two-factor · GitHub
Third Party Advisory

Jump to

Vulnerability Details : CVE-2015-7225

Products affected by CVE-2015-7225

Exploit prediction scoring system (EPSS) score for CVE-2015-7225

CVSS scores for CVE-2015-7225

CWE ids for CVE-2015-7225

References for CVE-2015-7225