Prevent OTP codes from being re-used
Open, Normal, Public


Within the timeframe a TOTP is valid, it can be used for login multiple times. Although replaying the login with the same (wire-tapped) parameters is quite difficult, it's not entirely impossible. Therefore, a (T)OTP code, once used for a successful login, needs to be logged and blacklisted for the corresponding user account to prevent repeated authentication with the same code.

This will likely be part of the Storage component to maintain a list of used codes and the Driver to verify each submitted code against that list.


Event Timeline

bruederli updated the task description.
bruederli raised the priority of this task from to 60.
bruederli claimed this task.
bruederli added projects: Restricted Project, Roundcube Kolab Plugins.
bruederli changed Ticket Type from Task to Task.
bruederli edited a custom field.
bruederli removed a project: Restricted Project.
bruederli added a subscriber: bruederli.
bruederli removed bruederli as the assignee of this task. Jun 12 2015, 3:03 PM
bruederli edited a custom field.
vanmeeuwen lowered the priority of this task from 60 to Normal. Mar 28 2019, 8:13 AM