Description

Devise is a flexible authentication solution for Rails based on Warden. Devise is vulnerable to a password reset exploit leveraging type confusion. Using a specially crafted request, an attacker could trick the database type conversion code to return incorrect records. For some token values this could allow an attacker to bypass the proper checks and gain control of other accounts.

Remediation

Upgrade to the latest version of Devise (this issue was fixed in v2.2.3, v2.1.3, v2.0.5 and v1.5.4).

References

Security announcement: Devise v2.2.3, v2.1.3, v2.0.5 and v1.5.4 released

MySQL madness and Rails

Related Vulnerabilities

WordPress Plugin Dropshix Security Bypass (4.0.13)

WordPress Plugin Mobile Booster Security Bypass (1.0)

WordPress Plugin YITH WooCommerce Frequently Bought Together Security Bypass (1.2.10)

WordPress Plugin MStore API-Create Native Android & iOS Apps On The Cloud Security Bypass (4.14.7)

WordPress Plugin Wbcom Designs-BuddyPress Group Reviews Security Bypass (2.8.3)

Severity

High

Classification

CVE-2013-0233 CWE-287 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Tags

Authentication Bypass