Description

Devise is a flexible authentication solution for Rails based on Warden. Devise is vulnerable to a password reset exploit leveraging type confusion. Using a specially crafted request, an attacker could trick the database type conversion code to return incorrect records. For some token values this could allow an attacker to bypass the proper checks and gain control of other accounts.

Remediation

Upgrade to the latest version of Devise (this issue was fixed in v2.2.3, v2.1.3, v2.0.5 and v1.5.4).

References

Security announcement: Devise v2.2.3, v2.1.3, v2.0.5 and v1.5.4 released

MySQL madness and Rails

Related Vulnerabilities

WordPress Plugin CardGate Payments for WooCommerce Security Bypass (3.1.15)

WordPress Plugin Comment Rating SQL Injection and Security Bypass Weakness Vulnerabilities (2.9.32)

WordPress Plugin WP Support Plus Responsive Ticket System Security Bypass (7.1.4)

WordPress Plugin Photo Gallery, Images, Slider in Rbs Image Gallery Security Bypass (2.0.15)

WordPress Plugin Content Aware Sidebars-Unlimited Widget Areas Security Bypass (3.8)

Severity

High

Classification

CVE-2013-0233 CWE-287 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Tags

Authentication Bypass