Page MenuHomePhorge
Differential D375

Don't accept invalid yubikey tokens
ClosedPublic
Actions

Authored by dhoffend on Jan 21 2017, 12:26 AM.
Tags
None
Referenced Files
Unknown Object (File)
Mon, May 6, 4:21 PM
Unknown Object (File)
Sun, May 5, 4:20 PM
Unknown Object (File)
Thu, May 2, 9:02 PM
Unknown Object (File)
Fri, Apr 26, 5:30 PM
Unknown Object (File)
Apr 4 2024, 7:10 AM
Unknown Object (File)
Mar 30 2024, 12:57 PM
Unknown Object (File)
Mar 29 2024, 4:35 PM
Unknown Object (File)
Mar 27 2024, 8:57 AM
View All Files
Subscribers
Roundcube Kolab Plugins Developers

Details

Reviewers
mollekopf
Group Reviewers
Roundcube Kolab Plugins Developers
Commits
rRPK18882d02dd8b: Don't accept invalid yubikey tokens
Summary

Don't accept empty/invalid yubikey token input when adding a factor

Test Plan

Use empty yubikey field or token < 12 chars

Diff Detail

Repository
rRPK roundcubemail-plugins-kolab
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

dhoffend updated this revision to Diff 852.Jan 21 2017, 12:26 AM
dhoffend retitled this revision from to Don't accept invalid yubikey tokens.
dhoffend updated this object.
dhoffend edited the test plan for this revision. (Show Details)
dhoffend added a reviewer: Roundcube Kolab Plugins .
dhoffend edited reviewers, added: Roundcube Kolab Plugins Developers; removed: Roundcube Kolab Plugins .Jan 21 2017, 12:27 AM
dhoffend added a comment.Jan 21 2017, 12:41 AM

Without this patch you can actually enter an empty token or a token smaller then 12 chars and it would get accepted. After that you cannot login anymore because your given yubikey token will never match against the saved youbikeyid

dhoffend added a subscriber: Roundcube Kolab Plugins Developers.Feb 1 2017, 12:09 AM
mollekopf accepted this revision.Jul 7 2022, 12:24 PM
This revision is now accepted and ready to land.Jul 7 2022, 12:24 PM
Closed by commit rRPK18882d02dd8b: Don't accept invalid yubikey tokens (authored by dhoffend, committed by machniak). · Explain WhySep 21 2023, 3:35 PM
This revision was automatically updated to reflect the committed changes.
machniak added a commit: rRPK18882d02dd8b: Don't accept invalid yubikey tokens.

Revision Contents
Changeset List

PathSize
plugins/
kolab_2fa/
lib/
Kolab2FA/
Driver/
4 lines

Diff 13039

View Options

plugins/kolab_2fa/lib/Kolab2FA/Driver/Yubikey.php

Loading...