Trying to authenticate with password + partial key submits partial password #211

Open
mptyspace opened this issue Apr 17, 2020 · 0 comments


Ran into an issue recently where a user failed to authenticate with a password + ubikey combination.

When we checked the logs to find out why authentication was failing, it turned out the plugin was transmitting a partial password + part of a ubikey to the authentication server.
It turned out the issue was that the ubikey was only put half into the authentication field.

It looks like the check to see whether it's a password + ubikey is only checking if the full password length (password + ubikeycode) is longer than the ubi code + ubi id.
Wouldn't it be better to check the full password string for the following segments:

  1. password
  2. the ubi id associated with the username
  3. ubi code

And fail when the ubi id is not matching, or when the ubi code is not the correct length, or when there is no password.

@mptyspace mptyspace changed the title Trying to authorize with password + partial key submits partial password Trying to authenticate with password + partial key submits partial password Apr 17, 2020
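
An added example, not the plugin's code, of the three-segment check proposed in the issue, beside a sketch of the length-only behaviour it reports. The 12 + 32 character modhex layout, the function names and the sample values are assumptions.

```python
# Assumed layout (not stated in the issue): a 12-character ubi id followed
# by a 32-character ubi code, both in the modhex alphabet.
ID_LEN, CODE_LEN = 12, 32
TOKEN_LEN = ID_LEN + CODE_LEN
MODHEX = frozenset("cbdefghijklnrtuv")


class CredentialError(ValueError):
    """Submitted string is not password + ubi id + ubi code."""


def length_only_split(credential):
    """Sketch of the length-only check the issue describes (hypothetical)."""
    if len(credential) <= TOKEN_LEN:
        return credential, None  # treated as password only
    return credential[:-TOKEN_LEN], credential[-TOKEN_LEN:]


def strict_split(credential, expected_id):
    """Return (password, ubi_id, ubi_code) or raise CredentialError.

    expected_id is the ubi id enrolled for the username.
    """
    start = len(credential) - TOKEN_LEN
    if start < 0 or credential[start:start + ID_LEN] != expected_id:
        # The id is not where a full-length token would put it.
        if expected_id in credential:
            raise CredentialError("ubi code has the wrong length")
        raise CredentialError("ubi id missing or not enrolled for this user")
    password, code = credential[:start], credential[start + ID_LEN:]
    if not set(code) <= MODHEX:
        raise CredentialError("ubi code contains non-modhex characters")
    if not password:
        raise CredentialError("no password before the ubi id")
    return password, expected_id, code


# Constructed sample values, not real credentials or a real token.
SAMPLE_ID = "cccccckdvvul"
SAMPLE_CODE = "gjthkcvdbgnldjhfjdgnfbbrcvlbhtjc"
SAMPLE_PASSWORD = "correct horse battery staple"

if __name__ == "__main__":
    half = SAMPLE_PASSWORD + SAMPLE_ID + SAMPLE_CODE[:10]
    print("length-only:", length_only_split(half))
    try:
        strict_split(half, SAMPLE_ID)
    except CredentialError as exc:
        print("strict:", exc)
```

With the half-entered key, the length-only split forwards `correc` as the password and the rest of the password as part of the token, while the strict split rejects the input before anything is sent.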