QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2019-5421

Back to search

CVE-2019-5421

Published: Apr 3, 2019

Modified: Aug 4, 2024

PUBLISHED

Description

Plataformatec Devise version 4.5.0 and earlier, using the lockable module contains a CWE-367 vulnerability in The `Devise::Models::Lockable` class, more specifically at the `#increment_failed_attempts` method. File location: lib/devise/models/lockable.rb that can result in Multiple concurrent requests can prevent an attacker from being blocked on brute force attacks. This attack appear to be exploitable via Network connectivity - brute force attacks. This vulnerability appears to have been fixed in 4.6.0 and later.

VendorProductVersions

Plataformatec

Devise ruby gem

affected
4.5.0 and earlier using the lockable module

Weaknesses (CWE)

CWE-367

References

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now