Currently, it is possible to simultaneously execute multiple authentications against a server. This may cause race conditions with the HOTP counter or (less likely) the TOTP watermark. It may also permit a rapid replay attack.
4.1 should address at least this concern.
I opened a newer bug. Sorry closing the older one as a dup of a newer one #4493.
Metadata Update from @npmccallum: - Issue assigned to npmccallum - Issue set to the milestone: FreeIPA 4.1
Log in to comment on this ticket.