an app engine for your business. Seamlessly implement business logic with a powerful API. Out of the box CMS, blog, forum and email functionality. Developer friendly & easily extendable for your next SaaS/XaaS project. Built with Rails 6, Devise, Sidekiq & PostgreSQL
I'm a pentester from Radically Open Security.
We recently reported a 2FA bypass vulnerability in the devise-two-factor library, see the GHSA-chcr-x7hc-8fp8 advisory and my writeup.
Since Violet Rails uses the devise-two-factor library for 2FA authentication, we recommend looking into this as a potential security problem you could be affected by. Please note that we have not further analyzed your project code.
Relevant gem definition: https://github.com/restarone/violet_rails/blob/ed4656fa50f3461ca9e97e6d88944c7f5417c89e/Gemfile#L123