oss-sec mailing list archives
Re: CVE Request: TOTP Replay Attack in Ruby library "devise-two-factor"
From: Justin Bull <me () justinbull ca>
Date: Wed, 16 Sep 2015 09:20:31 -0400
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hello, After working with the vendor maintainers, a fix has been implemented and released under version 2.0.0 of the software. Upgrading notes can be found here: https://github.com/tinfoil/devise-two-factor/blob/master/UPGRADING.md - -- Best Regards, Justin Bull PGP Fingerprint: E09D 38DE 8FB7 5745 2044 A0F4 1A2B DEAA 68FD B34C -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2 iQIcBAEBCgAGBQJV+WydAAoJEESFZfv8+htY/AIQAJHS2x/2n2/LYCTuuQ6oLTUL y4mf6XTV3uSr1/oUNnWZPZ/a5c686GaU2x1yUSy0Sz58ayhpm9JcymA3KhNexOqG uRb7RUGrLmeg7T//qoq4nf6+kfXQvEw1pSvV0C8mnthh2E3A3PhHA5L3XWT2cAnC i3v6nLR53fXCepWOdzDtCRoxlvEEbM82q6RSC49pSqWiDyGzwjMV820EnUI4TqZw cXGlaTUkBLUXTFG8fIFve9NruYiIVKAgaFrFIYhmhhAbVWc30zaMMFZdOvhGORIV agjpscsPfwO/h+GPH7U1yD/nFAXln+vMukOcT/II+cXZoHMRmvtsgHbVoa3LHLKd xH7xQv79u4V1sV+EFsi2KaqUq31inzWYOqi/QkDdbavNDtNl1ELVJjuv1PuhJTXz pgLp54DUTlboqsKrsftYoKACsdbspuSzWDdttZfZrDxNNcgtJwpPBoMcZO1cDGUy UQR0sGkfNmMtBxQBHvJKab7opoqfvZDmqlO9HjQxhm3sgHECQU9sFI+OPWx2fHkE B8OIHkKZMUsfqUorJfacwSXZSt5jKxAIuNbJ5XW8DlK/gKCbRSl2YgdTzJ45txlh r1tybDrlJRs9CGGJQ2PzFW/oPR7+KLKYHy1cEnleeORqaobsQVZPG8k7Fqt9eNOV i6en/R8DgQTrohFjgWIn =2Dd7 -----END PGP SIGNATURE-----
Current thread:
- CVE Request: TOTP Replay Attack in Ruby library "devise-two-factor" Justin Bull (Sep 06)
- Re: CVE Request: TOTP Replay Attack in Ruby library "devise-two-factor" Justin Bull (Sep 16)
- Re: CVE Request: TOTP Replay Attack in Ruby library "devise-two-factor" cve-assign (Sep 17)