Unless an advisory states otherwise, only the latest version of Zero-TOTP and Zero-TOTP rescue is supported and receives security updates.
You can find the version in the release section of each project's repository.
If you believe you have discovered a security vulnerability in Zero-TOTP, please report it using the repository's private vulnerability report feature.
Please encrypt all sensitive information with the following PGP key
We evaluate reported vulnerabilities based on the following criteria:
- Impact: The severity and potential impact of the vulnerability.
- Likelihood: The likelihood of the vulnerability being exploited.
- Complexity: The complexity of exploiting the vulnerability.
You can use CVSS 3 to evaluate the criticality of your findings. Findings with a CVSS score below 3 will not necessarily be treated, and/or may be treated with an increased delay. Of course, the most critical vulnerabilities will be treated before everything else, while the investigation is carried out.