#9248 OTP token sync always returns OK even with random numbers
Closed: fixed 2 months ago by frenaud. Opened 3 months ago by frenaud.

Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 2124369

Please note that this Bug is private and may not be accessible as it contains confidential Red Hat customer information.

Description of problem:

When syncing OTP tokens, as long as the first OTP is valid, it will accept any random series of numbers as the second OTP to sync from.

Version-Release number of selected component (if applicable):

IPA Server 4.6.8-5
RHEL 7.9

How reproducible:

Consistently

Steps to Reproduce:
1. Create an account and set up OTP for it.
2. Run `ipa otptoken-sync`.
3. Give a valid username, password, and first OTP token.
4. Give an invalid one for the second token.

Actual results:

IPA accepts the second value despite it being invalid.

Expected results:

IPA rejects the second value as invalid.

Additional info:

Metadata Update from @frenaud:
- Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=2124369

3 months ago

Metadata Update from @frenaud:
- Issue assigned to frenaud

3 months ago

Metadata Update from @frenaud:
- Custom field on_review adjusted to https://github.com/freeipa/freeipa/pull/6472

3 months ago

master:

  • f1b2d8a ipa otptoken-sync: return error when sync fails
  • 59db0fa ipatests: add negative test for otptoken-sync

ipa-4-10:

  • 221768f ipa otptoken-sync: return error when sync fails
  • d9f33b7 ipatests: add negative test for otptoken-sync

ipa-4-9:

  • 4cc94cd ipa otptoken-sync: return error when sync fails
  • 895a800 ipatests: add negative test for otptoken-sync

ipa-4-6:

  • e2238fd ipa otptoken-sync: return error when sync fails
  • 0c62aef ipatests: add negative test for otptoken-sync
  • 69c376b ipatests: python2 does not support f-strings
  • d587d0f Fix otptoken_sync plugin

Metadata Update from @frenaud:
- Issue close_status updated to: fixed
- Issue status updated to: Closed (was: Open)

2 months ago
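
The behaviour the ticket expects, as an added example that is not FreeIPA's code: an RFC 4226 HOTP resynchronisation that succeeds only when both submitted codes are consecutive values inside a look-ahead window, with a caller that reports the failure instead of OK. The names `sync_token`, `cli_sync`, `SyncError` and the window size are assumptions made for illustration; the key and codes are the RFC 4226 test vectors.

```python
import hashlib
import hmac
import struct


def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP value for a single counter."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


class SyncError(Exception):
    """The two codes did not resynchronise the token."""


def _same(expected: str, given: str) -> bool:
    # Constant-time comparison on bytes, so non-ASCII input cannot raise.
    return hmac.compare_digest(expected.encode(), given.encode())


def sync_token(key, stored_counter, first, second, window=100):
    """Return the new counter only if `first` and `second` are consecutive
    codes within the look-ahead window; otherwise raise SyncError."""
    for c in range(stored_counter, stored_counter + window):
        ok_first = _same(hotp(key, c), first)
        ok_second = _same(hotp(key, c + 1), second)
        if ok_first and ok_second:  # both codes must verify, not just one
            return c + 2
    raise SyncError("token synchronization failed")


def cli_sync(key, stored_counter, first, second):
    """Caller side: propagate a failed sync instead of reporting success."""
    try:
        return True, sync_token(key, stored_counter, first, second)
    except SyncError:
        return False, stored_counter  # counter is left unchanged on failure


# Constructed sample: RFC 4226 test key; the server counter (0) lags the token.
KEY = b"12345678901234567890"

if __name__ == "__main__":
    print(cli_sync(KEY, 0, "969429", "338314"))  # codes for counters 3 and 4
    print(cli_sync(KEY, 0, "969429", "000000"))  # valid first, random second
```
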
