PT-2024-22612 · Ruby · Rotp
G-Rath · Published 2024-03-15 · Updated 2025-12-05 · CVE-2024-28862
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
ROTP versions prior to 6.3.0
Description
The Ruby One Time Password library (ROTP) is an open source library for generating and validating one time passwords. Affected versions had overly permissive default permissions.
Recommendations
For versions prior to 6.3.0, users should patch to version 6.3.0.
For users unable to patch, correct file permissions after installation.
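One way to carry out the permission correction above, as an added example that is not code from the ROTP project or from this advisory. It assumes the excess permission is write access for group or others (the advisory does not say which bits were wrong) and takes the installed gem directory as its argument; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit and tighten permissions under an installed gem directory.
# Assumption: "overly permissive" means group- or world-writable entries.
# The directory is passed in; `gem contents rotp` lists the installed files
# if you need to locate it.

# Print regular files and directories under $1 that group or others can write.
# Symlinks are not followed and are not reported.
list_loose_perms() {
    find "$1" \( -type f -o -type d \) \( -perm -020 -o -perm -002 \) -print
}

# Number of loose entries under $1 (0 means nothing to fix).
count_loose_perms() {
    list_loose_perms "$1" | wc -l | tr -d ' '
}

# Strip only the group/other write bits; owner bits and read/execute
# bits are left as installed. -exec ... + handles unusual file names.
fix_loose_perms() {
    find "$1" \( -type f -o -type d \) \( -perm -020 -o -perm -002 \) \
        -exec chmod go-w {} +
}

# Stand-alone use: sh audit.sh /path/to/gems/rotp-<version>
if [ -n "${1:-}" ]; then
    echo "before: $(count_loose_perms "$1") group/world-writable entries"
    list_loose_perms "$1"
    fix_loose_perms "$1"
    echo "after:  $(count_loose_perms "$1") group/world-writable entries"
fi
```

Run it as the user that owns the gem installation; a non-zero "after" count means some entries could not be changed and need a privileged fix.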
Weakness Enumeration
Incorrect Default Permissions
Affected Products
Rotp