|
|
Log in / Subscribe / Register

Two-factor authentication

Two-factor authentication

Posted Sep 2, 2011 7:12 UTC (Fri) by job (guest, #670)
In reply to: Two-factor authentication by skvidal
Parent article: kernel.org compromised

Replay attacks? That's serious. I believe they are supposed to use some session identifier against that. Do you have more details?

to post comments

Two-factor authentication

Posted Sep 3, 2011 11:00 UTC (Sat) by Cato (guest, #7643) [Link]

I found this from 2 years ago - replay attack due to a bug in the Yubico authentication server, since fixed by Yubico: http://www.grennan.com/?p=113

It's up to the authentication server to do the right checks, so perhaps some authentication servers have bugs.

I'd like to see more on this claimed replay attack, too.


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds