You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Since Violet Rails uses the devise-two-factor library for 2FA authentication, we recommend looking into this as a potential security problem you could be affected by. Please note that we have not further analyzed your project code.
I'm a pentester from Radically Open Security.
We recently reported a 2FA bypass vulnerability in the
devise-two-factorlibrary, see the GHSA-chcr-x7hc-8fp8 advisory and my writeup.Since
Violet Railsuses thedevise-two-factorlibrary for 2FA authentication, we recommend looking into this as a potential security problem you could be affected by. Please note that we have not further analyzed your project code.Relevant gem definition:
violet_rails/Gemfile
Line 123 in ed4656f
The text was updated successfully, but these errors were encountered: