$Rails Devise authentication password reset

Description

Devise is a flexible authentication solution for Rails based on Warden. Devise is vulnerable to a password reset exploit leveraging type confusion. Using a specially crafted request, an attacker could trick the database type conversion code to return incorrect records. For some token values this could allow an attacker to bypass the proper checks and gain control of other accounts.

Remediation

Upgrade to the latest version of Devise (this issue was fixed in v2.2.3, v2.1.3, v2.0.5 and v1.5.4).

References