Issue #4441: [RFE] Avoid OTP local race conditions - freeipa

freeipa

#4441 [RFE] Avoid OTP local race conditions

Closed: Duplicate None Opened 9 years ago by npmccallum.

Currently, it is possible to simultaneously execute multiple authentications against a server. This may cause race conditions with the HOTP counter or (less likely) the TOTP watermark. It may also permit a rapid replay attack.

mkosek commented 9 years ago

4.1 should address at least this concern.

dpal commented 9 years ago

I opened a newer bug. Sorry closing the older one as a dup of a newer one #4493.

Metadata Update from @npmccallum:
- Issue assigned to npmccallum
- Issue set to the milestone: FreeIPA 4.1

7 years ago

Metadata

Assignee

npmccallum

Tags

None

Blocking

None

Depending on

None

Priority

normal

Milestone

FreeIPA 4.1

None

affects_doc

None

source

None

knownissue

None

type

defect

blockedby

None

test_case

None

component

OTP

blocking

None

on_review

keywords

None

test_coverage

None

reviewer

None

external_tracker

None

rhbz

tester

None

changelog

None

design

None

freeipa

Source Code

#4441 [RFE] Avoid OTP local race conditions Closed: Duplicate None Opened 9 years ago by npmccallum.

Metadata

#4441 [RFE] Avoid OTP local race conditions

Closed: Duplicate None Opened 9 years ago by npmccallum.