You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Since Violet Rails uses the devise-two-factor library for 2FA authentication, we recommend looking into this as a potential security problem you could be affected by. Please note that we have not further analyzed your project code.
I'm a pentester from Radically Open Security.
We recently reported a 2FA bypass vulnerability in the
devise-two-factor
library, see the GHSA-chcr-x7hc-8fp8 advisory and my writeup.Since
Violet Rails
uses thedevise-two-factor
library for 2FA authentication, we recommend looking into this as a potential security problem you could be affected by. Please note that we have not further analyzed your project code.Relevant gem definition:
violet_rails/Gemfile
Line 123 in ed4656f
The text was updated successfully, but these errors were encountered: