Page MenuHomePhabricator
Create Task
Maniphest T55196

Used OATH should be cached to avoid replay attacks
Closed, ResolvedPublic
Actions

Description

When an OATH token is used, it should be cached temporarily so that if an attacker attempts to use the same token within the brief time period it is still valid, it will fail.

Version: master
Severity: normal

Details

Reference
bz53196

Related Objects
Search...

Event Timeline

bzimport raised the priority of this task from to Needs Triage.Nov 22 2014, 2:08 AM
bzimport added a project: MediaWiki-extensions-OATHAuth.
bzimport set Reference to bz53196.
Parent5446 created this task.Aug 22 2013, 3:27 AM
gerritbot added a comment.May 11 2014, 9:25 AM

Change 132783 had a related patch set uploaded by Parent5446:
Cache OATH tokens to avoid replay

https://gerrit.wikimedia.org/r/132783

Aklapper removed RyanLane as the assignee of this task.Apr 26 2015, 12:11 PM
Parent5446 claimed this task.May 23 2015, 2:51 PM
Parent5446 moved this task from Backlog to In Progress on the MediaWiki-extensions-OATHAuth board.
Parent5446 closed this task as Resolved.May 25 2015, 10:00 PM

Patch merged

Parent5446 removed a project: Patch-For-Review.May 25 2015, 10:00 PM
Parent5446 set Security to None.
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL