-
- Downloads
Prevent TOTP code reuse
Time-based one-time password (TOTP) codes are only valid for a short period of time. In addition they are meant to be single-use to make them more resistant against phishing and eavesdropping (e.g. keyloggers). Prior to this change uffd did not keep track of used codes and thus did not prevent code reuse.
Showing
- tests/models/test_mfa.py 9 additions, 0 deletionstests/models/test_mfa.py
- tests/views/test_mfa.py 23 additions, 0 deletionstests/views/test_mfa.py
- uffd/migrations/versions/a9b449776953_add_mfa_method_totp_last_counter.py 51 additions, 0 deletions...versions/a9b449776953_add_mfa_method_totp_last_counter.py
- uffd/models/mfa.py 8 additions, 4 deletionsuffd/models/mfa.py
- uffd/views/mfa.py 1 addition, 0 deletionsuffd/views/mfa.py
Loading
Please register or sign in to comment