Security Advisories

CVE-2024-8796

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2024-8796

CGA ID

CGA-4rwp-gj4q-46cm

Severity

5.3

Medium

CVSS V3

Description

Under the default configuration, Devise-Two-Factor versions >= 2.2.0 & < 6.0.0 generate TOTP shared secrets that are 120 bits instead of the 128-bit minimum defined by RFC 4226. Using a shared secret shorter than the minimum to generate a multi-factor authentication code could make it easier for an attacker to guess the shared secret and generate valid TOTP codes.
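The following audit helper is an added example, not code from Devise-Two-Factor or from this advisory. It assumes the TOTP shared secrets are available to the auditor as plaintext Base32 strings (the usual TOTP provisioning encoding); the method names and the `[user_id, secret]` row shape are hypothetical. It reports the key length each secret decodes to and flags those under the RFC 4226 128-bit minimum.

```ruby
# Added example: audit Base32 TOTP secrets against the RFC 4226 length rules.
RFC4226_MIN_BITS = 128          # RFC 4226: shared secret MUST be at least 128 bits
RFC4226_RECOMMENDED_BITS = 160  # RFC 4226: RECOMMENDED shared secret length
BASE32_ALPHABET = /\A[A-Z2-7]+\z/

# Number of key bits a Base32 secret decodes to.
# Tolerates lowercase, whitespace, dashes and trailing '=' padding.
def totp_secret_bits(secret)
  normalized = secret.to_s.gsub(/[\s-]/, "").upcase.sub(/=+\z/, "")
  raise ArgumentError, "empty secret" if normalized.empty?
  raise ArgumentError, "not Base32" unless normalized.match?(BASE32_ALPHABET)
  # Each Base32 character carries 5 bits; only whole bytes become key material.
  (normalized.length * 5 / 8) * 8
end

# Classify one secret; malformed input is reported, not raised.
def classify_totp_secret(secret)
  bits = totp_secret_bits(secret)
  status = if bits < RFC4226_MIN_BITS then :below_minimum
           elsif bits < RFC4226_RECOMMENDED_BITS then :meets_minimum
           else :recommended
           end
  { bits: bits, status: status }
rescue ArgumentError => e
  { bits: nil, status: :invalid, error: e.message }
end

# rows: array of [user_id, base32_secret] pairs (hypothetical shape).
# Returns the ids whose secrets should be regenerated and re-enrolled.
def secrets_needing_rotation(rows)
  rows.each_with_object([]) do |(id, secret), out|
    status = classify_totp_secret(secret)[:status]
    out << id if %i[below_minimum invalid].include?(status)
  end
end

# Constructed sample values, not real secrets.
SAMPLE_120_BIT = "JBSWY3DPEHPK3PXPJBSWY3DP"          # 24 chars -> 120 bits
SAMPLE_160_BIT = "JBSWY3DPEHPK3PXPJBSWY3DPEHPK3PXP"  # 32 chars -> 160 bits
```

A 24-character Base32 secret decodes to exactly the 120 bits described above, so it is reported as `:below_minimum`; secrets generated before upgrading remain short until they are rotated.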

References

  • https://images.chainguard.dev/security/CGA-4rwp-gj4q-46cm

Affected packages

