
Prevent OTP codes from being re-used
Open, Normal, Public

Description

Within the timeframe a TOTP is valid, it can be used for login multiple times. Although replaying the login with the same (wire-tapped) parameters is quite difficult, it's not entirely impossible. Therefore, a (T)OTP code, once used for a successful login, needs to be logged and blacklisted for the corresponding user account to prevent repeated authentication with the same code.

This will likely be part of the Storage component to maintain a list of used codes and the Driver to verify each submitted code against that list.
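
A sketch of the check described above, added as an example and not taken from the plugin's code: a store that remembers which codes a user has already logged in with, and a driver-side verify that consults it. The names `UsedCodeStore`, `consume` and `verify` are hypothetical, and the store records the matched RFC 6238 time step rather than the code string, which identifies the code within its validity window.

```python
import hashlib
import hmac
import struct

STEP = 30    # seconds per time step (RFC 6238 default)
DIGITS = 6
WINDOW = 1   # accept +/- 1 step of clock drift (assumed setting)


def totp(secret: bytes, counter: int) -> str:
    """RFC 6238 code (HMAC-SHA1, dynamic truncation) for one time step."""
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


class UsedCodeStore:
    """Hypothetical storage: time steps already consumed, per user."""

    def __init__(self):
        self._used = {}  # user -> set of consumed time-step counters

    def consume(self, user: str, counter: int, oldest_valid: int) -> bool:
        """Record the step as used; return False if it was used before."""
        steps = self._used.setdefault(user, set())
        # Steps older than the acceptance window can never verify again.
        steps.difference_update({s for s in steps if s < oldest_valid})
        if counter in steps:
            return False
        steps.add(counter)
        return True


def verify(store: UsedCodeStore, user: str, secret: bytes,
           code: str, now: float) -> bool:
    """Driver-side check: code must be valid and not yet used by this user."""
    current = int(now) // STEP
    for counter in range(current - WINDOW, current + WINDOW + 1):
        expected = totp(secret, counter).encode()
        if hmac.compare_digest(expected, code.encode()):
            # Only a code that actually matched gets blacklisted.
            return store.consume(user, counter, current - WINDOW)
    return False
```

A real store has to make the lookup and the insert one atomic operation (for example a unique key on user and time step), otherwise two parallel logins with the same code can both pass.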

Details

Ticket Type
Task

Event Timeline

bruederli claimed this task.
bruederli raised the priority of this task from to 60.
bruederli updated the task description.
bruederli added projects: Restricted Project, Roundcube Kolab Plugins.
bruederli changed Ticket Type from Task to Task.
bruederli edited a custom field.
bruederli removed a project: Restricted Project.
bruederli subscribed.
bruederli edited a custom field.
vanmeeuwen lowered the priority of this task from 60 to Normal. Mar 28 2019, 8:13 AM