
Don't accept invalid yubikey tokens
Needs Review | Public

Authored by dhoffend on Jan 21 2017, 12:26 AM.

Details

Reviewers
None
Group Reviewers
Roundcube Kolab Plugins Developers
Summary

Don't accept empty/invalid yubikey token input when adding a factor

Test Plan

Use empty yubikey field or token < 12 chars

Diff Detail

Repository
rRPK roundcubemail-plugins-kolab
Branch
fix-yubikey-2fa
Lint
No Linters Available
Unit
No Unit Test Coverage
Build Status
Buildable 7869
Build 8091: arc lint + arc unit

Event Timeline

dhoffend updated this revision to Diff 852. (Jan 21 2017, 12:26 AM)
dhoffend retitled this revision from to Don't accept invalid yubikey tokens.
dhoffend updated this object.
dhoffend edited the test plan for this revision.

Without this patch you can actually enter an empty token or a token smaller than 12 chars and it would get accepted. After that you cannot log in anymore because your given yubikey token will never match against the saved yubikeyid.
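
An added illustration of the enrollment check this revision describes. It is not the patch itself or code from the plugin. It assumes the standard 44-character modhex OTP whose first 12 characters are the key's public ID; the function names, the `yubikeyid` array key and the sample token are hypothetical or constructed.

```php
<?php
// Added example, not code from roundcubemail-plugins-kolab. All names are hypothetical.

const YUBIKEY_ID_LENGTH  = 12;  // public ID prefix (the "12 chars" in the test plan)
const YUBIKEY_OTP_LENGTH = 44;  // assumption: 12-char ID + 32-char one-time part

/** Return the public ID of a well-formed OTP, or null if it must be rejected. */
function yubikey_id_from_otp(string $otp): ?string
{
    $otp = strtolower(trim($otp));

    // Only the modhex alphabet is valid, and the length must be exact,
    // so empty and truncated input never reaches storage.
    if (!preg_match('/^[cbdefghijklnrtuv]{' . YUBIKEY_OTP_LENGTH . '}$/', $otp)) {
        return null;
    }
    return substr($otp, 0, YUBIKEY_ID_LENGTH);
}

/** Enrollment: refuse to store a factor unless the token yields a usable ID. */
function enroll_yubikey(string $otp): array
{
    $id = yubikey_id_from_otp($otp);
    if ($id === null) {
        throw new InvalidArgumentException('Invalid YubiKey token');
    }
    return ['yubikeyid' => $id];
}

/** Login: the presented token must carry the ID saved at enrollment. */
function matches_enrolled_key(array $factor, string $otp): bool
{
    $id = yubikey_id_from_otp($otp);
    return $id !== null && hash_equals($factor['yubikeyid'], $id);
}

// Constructed sample token (not a real OTP): 12-char ID + 32 modhex chars.
$sample = 'cccccckdvvul' . str_repeat('bdefghij', 4);

$factor = enroll_yubikey($sample);
var_dump(matches_enrolled_key($factor, $sample));

foreach (['', 'cccccckdvv'] as $bad) {   // the test plan: empty field, token < 12 chars
    try {
        enroll_yubikey($bad);
    } catch (InvalidArgumentException $e) {
        echo "rejected: '", $bad, "'\n";
    }
}
```

The format check only prevents storing an unusable ID; whether the token is a valid one-time password still has to be decided by the OTP verification step.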