When an OATH token is used, it should be cached temporarily so that if an attacker attempts to use the same token within the brief time period it is still valid, it will fail.
Version: master
Severity: normal
When an OATH token is used, it should be cached temporarily so that if an attacker attempts to use the same token within the brief time period it is still valid, it will fail.
Version: master
Severity: normal
Status | Subtype | Assigned | Task | ||
---|---|---|---|---|---|
Resolved | Parent5446 | T55192 Merge Extension:TwoFactorAuthentication into Extension:OATHAuth | |||
Resolved | Parent5446 | T55196 Used OATH should be cached to avoid replay attacks |
Change 132783 had a related patch set uploaded by Parent5446:
Cache OATH tokens to avoid replay