Page MenuHomePhorge

Don't accept invalid yubikey tokens
ClosedPublic

Authored by dhoffend on Jan 21 2017, 12:26 AM.
Tags
None
Referenced Files
Unknown Object (File)
Wed, Mar 27, 8:57 AM
Unknown Object (File)
Wed, Mar 27, 8:46 AM
Unknown Object (File)
Wed, Mar 27, 5:49 AM
Unknown Object (File)
Fri, Mar 22, 5:39 PM
Unknown Object (File)
Sun, Mar 17, 4:32 PM
Unknown Object (File)
Feb 22 2024, 6:18 AM
Unknown Object (File)
Feb 14 2024, 9:02 PM
Unknown Object (File)
Feb 10 2024, 3:50 PM

Details

Summary

Don't accept empty/invalid yubikey token input when adding a factor

Test Plan

Use empty yubikey field or token < 12 chars

Diff Detail

Repository
rRPK roundcubemail-plugins-kolab
Branch
fix-yubikey-2fa
Lint
No Lint Coverage
Unit
No Test Coverage
Build Status
Buildable 7869
Build 8091: arc lint + arc unit

Event Timeline

dhoffend retitled this revision from to Don't accept invalid yubikey tokens.
dhoffend updated this object.
dhoffend edited the test plan for this revision. (Show Details)

Without this patch you can actually enter an empty token or a token smaller then 12 chars and it would get accepted. After that you cannot login anymore because your given yubikey token will never match against the saved youbikeyid

This revision is now accepted and ready to land.Jul 7 2022, 12:24 PM
This revision was automatically updated to reflect the committed changes.