CVE-2015-7225 - OpenCVE

Tinfoil Devise-two-factor before 2.0.0 does not strictly follow section 5.2 of RFC 6238 and does not "burn" a successfully validated one-time password (aka OTP), which allows remote or physically proximate attackers with a target user's login credentials to log in as said user by obtaining the OTP through performing a man-in-the-middle attack between the provider and verifier, or shoulder surfing, and replaying the OTP in the current time-step.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:M/Au:S/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Tinfoilsecurity	Devise-two-factor

Configuration 1 [-]

cpe:2.3:a:tinfoilsecurity:devise-two-factor:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.openwall.com/lists/oss-security/2015/06/20/4
http://www.openwall.com/lists/oss-security/2015/09/17/2
http://www.securityfocus.com/bid/76789
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=798466
https://github.com/tinfoil/devise-two-factor/blob/master/UPGRADING.md
https://github.com/tinfoil/devise-two-factor/issues/45#issuecomment-139335608

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2017-09-06T21:00:00

Updated: 2024-08-06T07:43:45.764Z

Reserved: 2015-09-17T00:00:00

Link: CVE-2015-7225

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2017-09-06T21:29:00.957

Modified: 2017-09-21T18:57:10.310

Link: CVE-2015-7225

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-06-20T00:00:00", "descriptions": [{"lang": "en", "value": "Tinfoil Devise-two-factor before 2.0.0 does not strictly follow section 5.2 of RFC 6238 and does not \"burn\" a successfully validated one-time password (aka OTP), which allows remote or physically proximate attackers with a target user's login credentials to log in as said user by obtaining the OTP through performing a man-in-the-middle attack between the provider and verifier, or shoulder surfing, and replaying the OTP in the current time-step."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-06T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/tinfoil/devise-two-factor/blob/master/UPGRADING.md"}, {"name": "[oss-security] 20150917 Re: CVE Request: TOTP Replay Attack in Ruby library", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2015/09/17/2"}, {"name": "[oss-sercurity] 20150620 CVE Request: MITM & Shoulder-surfing vuln in Ruby OTP/HOTP/TOTP library \"ROPT\"", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2015/06/20/4"}, {"name": "76789", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/76789"}, {"tags": ["x_refsource_MISC"], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=798466"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/tinfoil/devise-two-factor/issues/45#issuecomment-139335608"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-7225", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Tinfoil Devise-two-factor before 2.0.0 does not strictly follow section 5.2 of RFC 6238 and does not \"burn\" a successfully validated one-time password (aka OTP), which allows remote or physically proximate attackers with a target user's login credentials to log in as said user by obtaining the OTP through performing a man-in-the-middle attack between the provider and verifier, or shoulder surfing, and replaying the OTP in the current time-step."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/tinfoil/devise-two-factor/blob/master/UPGRADING.md", "refsource": "CONFIRM", "url": "https://github.com/tinfoil/devise-two-factor/blob/master/UPGRADING.md"}, {"name": "[oss-security] 20150917 Re: CVE Request: TOTP Replay Attack in Ruby library", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2015/09/17/2"}, {"name": "[oss-sercurity] 20150620 CVE Request: MITM & Shoulder-surfing vuln in Ruby OTP/HOTP/TOTP library \"ROPT\"", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2015/06/20/4"}, {"name": "76789", "refsource": "BID", "url": "http://www.securityfocus.com/bid/76789"}, {"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=798466", "refsource": "MISC", "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=798466"}, {"name": "https://github.com/tinfoil/devise-two-factor/issues/45#issuecomment-139335608", "refsource": "CONFIRM", "url": "https://github.com/tinfoil/devise-two-factor/issues/45#issuecomment-139335608"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T07:43:45.764Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/tinfoil/devise-two-factor/blob/master/UPGRADING.md"}, {"name": "[oss-security] 20150917 Re: CVE Request: TOTP Replay Attack in Ruby library", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2015/09/17/2"}, {"name": "[oss-sercurity] 20150620 CVE Request: MITM & Shoulder-surfing vuln in Ruby OTP/HOTP/TOTP library \"ROPT\"", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2015/06/20/4"}, {"name": "76789", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/76789"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=798466"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/tinfoil/devise-two-factor/issues/45#issuecomment-139335608"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-7225", "datePublished": "2017-09-06T21:00:00", "dateReserved": "2015-09-17T00:00:00", "dateUpdated": "2024-08-06T07:43:45.764Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:tinfoilsecurity:devise-two-factor:*:*:*:*:*:*:*:*", "matchCriteriaId": "9796BE8B-A754-4A3A-9B61-C40420C0E53A", "versionEndIncluding": "1.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Tinfoil Devise-two-factor before 2.0.0 does not strictly follow section 5.2 of RFC 6238 and does not \"burn\" a successfully validated one-time password (aka OTP), which allows remote or physically proximate attackers with a target user's login credentials to log in as said user by obtaining the OTP through performing a man-in-the-middle attack between the provider and verifier, or shoulder surfing, and replaying the OTP in the current time-step."}, {"lang": "es", "value": "Tinfoil Devise-two-factor, en versiones anteriores a la 2.0.0, no sigue de manera estricta la secci\u00f3n 5.2 de la norma RFC 6238 y no \"consume\" una contrase\u00f1a de un solo uso (tambi\u00e9n llamada OTP) correctamente validada. Esto permite que atacantes remotos o que se encuentren f\u00edsicamente cerca inicien sesi\u00f3n como un usuario utilizando sus credenciales de acceso. Esto se llevar\u00eda a cabo realizando un ataque Man-in-the-Middle (MitM) entre el proveedor y el verificador u observando f\u00edsicamente (lo que se conoce como shoulder surfing) y repitiendo la contrase\u00f1a OTP en el intervalo de tiempo actual."}], "id": "CVE-2015-7225", "lastModified": "2017-09-21T18:57:10.310", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 1.6, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-09-06T21:29:00.957", "references": [{"source": "cve@mitre.org", "tags": ["Mailing List", "VDB Entry"], "url": "http://www.openwall.com/lists/oss-security/2015/06/20/4"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "VDB Entry"], "url": "http://www.openwall.com/lists/oss-security/2015/09/17/2"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/76789"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=798466"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://github.com/tinfoil/devise-two-factor/blob/master/UPGRADING.md"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://github.com/tinfoil/devise-two-factor/issues/45#issuecomment-139335608"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-254"}], "source": "nvd@nist.gov", "type": "Primary"}]}