Technical Musings

Ruby on Rails

A 5-post collection

Page 1 of 1

CVE-2018-1000211: Public apps can't revoke tokens in Doorkeeper

TL;DR: If a public client respects the RFC 7009 spec and does not authenticate the revocation request, then Doorkeeper does not actually revoke the access »

Justin Bull on Research, Security, Ruby on Rails, 16 July 2018

CVE-2018-1000088: Stored XSS in Doorkeeper

Software Description Doorkeeper is a Ruby gem that makes it easy to introduce OAuth 2 provider functionality to a Rails or Grape application. Depending on how »

Justin Bull on Security, Ruby on Rails, Research, 21 February 2018

Debugging exceptions Rails 5 jbuilder views

There comes a time where regardless of your unit testing you have errors in production. But, alas, the exception isn't in your controller itself but the »

Justin Bull on Ruby on Rails, 10 October 2017

CVE-2015-7225: OTP reuse in Devise-Two-Factor

TL;DR: Once a user successfully provides a valid OTP, that OTP can be replayed for the duration of the timestep. Upgrade to version 2.0. »

Justin Bull on Security, Ruby on Rails, Research, 22 May 2017

CVE-2016-6582: Doorkeeper fails to revoke OAuth 2.0 public client's access token in revocation request

TL;DR: If a public client respects the RFC 7009 spec and does not authenticate the revocation request, then Doorkeeper does not actually revoke the access »

Justin Bull on Security, Ruby on Rails, Research, 22 May 2017
Technical Musings © 2025