Rewording 2.8.8 (time-based multi-factor OTP token) #2462

Open
randomstuff opened this issue Dec 14, 2024 · 2 comments
Labels: 2) Awaiting response (Awaiting a response from the original poster); V2; _5.0 - prep (This needs to be addressed to prepare 5.0)

Comments

@randomstuff
Contributor

Current 2.8.8:

| # | Description | L1 | L2 | L3 | CWE |
|---|---|---|---|---|---|
| 2.8.8 | [ADDED] Ensure that generation of the time-based multi-factor OTP token is based on the server's system time and not the client's machine. | | | | 367 |

Some things are off for me:

  • "generation" should probably be "verification" instead (the client should still use the client time for generating the token, right?)
  • ensure → verify

Proposition:

Ensure that verification of the time-based multi-factor OTP token is based on the verifier server's system time and not the authenticating client's machine.

@elarlang added the labels 1) Discussion ongoing, _5.0 - prep and V2 on Dec 14, 2024
@tghosth
Collaborator

tghosth commented Dec 15, 2024

@randomstuff please review the previous discussion to confirm that your suggestion is correct:
#653 (comment)

I think it is but I'd like to be sure

@tghosth added the label 2) Awaiting response and removed the label 1) Discussion ongoing on Dec 15, 2024
@elarlang
Collaborator

The beginning of the requirement needs to be changed from "Ensure" to "Verify" anyway.
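
Added example, not part of the issue thread or of the ASVS text: a small RFC 6238 verifier in Python that contrasts a check whose time step comes from a client-supplied value with one that uses the verifier's own clock. The function names, the ±1 step drift window and the sample times are assumptions made for illustration; the secret is the RFC 6238 test secret.

```python
import hashlib
import hmac
import struct

STEP = 30     # seconds per time step (RFC 6238 default)
DIGITS = 6    # code length


def totp(secret: bytes, unix_time: int) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for the time step containing unix_time."""
    counter = struct.pack(">Q", unix_time // STEP)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def verify_trusting_client(secret: bytes, code: str, client_time: int) -> bool:
    """Weak form: the time step is derived from a value the client sent."""
    return hmac.compare_digest(totp(secret, client_time), code)


def verify_server_time(secret: bytes, code: str, server_now: int,
                       drift_steps: int = 1) -> bool:
    """The verifier's clock selects the step; +/- drift_steps absorbs skew."""
    ok = False
    for d in range(-drift_steps, drift_steps + 1):
        ok |= hmac.compare_digest(totp(secret, server_now + d * STEP), code)
    return ok


# Constructed sample values: RFC 6238 test secret, arbitrary server time.
SECRET = b"12345678901234567890"
SERVER_NOW = 1_700_000_000


def demo() -> dict:
    skewed = totp(SECRET, SERVER_NOW + 20)   # client clock 20 s fast
    stale = totp(SECRET, SERVER_NOW - 600)   # code captured 10 minutes ago
    return {
        "skewed_client_accepted": verify_server_time(SECRET, skewed, SERVER_NOW),
        "stale_code_server_time": verify_server_time(SECRET, stale, SERVER_NOW),
        "stale_code_client_time": verify_trusting_client(
            SECRET, stale, SERVER_NOW - 600),
    }


if __name__ == "__main__":
    print(demo())
```

The client still generates its code from its own clock, as the first comment notes; only the verifier's choice of time step changes between the two functions.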


3 participants