fix: [security] XSS in LinOTP login field fixed
- fixed a stored XSS in the LinOTP login
- also fixed invalid calls to check MISP settings from a javascript scope

- as reported by Dawid Czarnecki of Zigrin Security
iglocska committed Apr 17, 2022
1 parent 93821c0 commit 9623de2
Showing 1 changed file with 6 additions and 3 deletions.
9 changes: 6 additions & 3 deletions app/View/Users/login.ctp
Expand Up @@ -45,7 +45,7 @@
echo sprintf(
'%s <a href="%s/selfservice" title="LinOTP Selfservice">LinOTP Selfservice</a> %s',
__('Visit'),
Configure::read('LinOTPAuth.baseUrl'),
h(Configure::read('LinOTPAuth.baseUrl')),
__('for the One-Time-Password selfservice.')
);
}
Expand Down Expand Up @@ -92,7 +92,10 @@ function submitLoginForm() {
var url = $form.attr('action')
var email = $form.find('#UserEmail').val()
var password = $form.find('#UserPassword').val()
if (!empty(Configure::read('LinOTPAuth')) && Configure::read('LinOTPAuth.enabled')) {
var LinOTPAuth = <?= empty(Configure::read('LinOTPAuth')) ? 'False' : 'True' ?>;
var LinOTPAuthEnabled = <?= empty(Configure::read('LinOTPAuth.enabled')) ? 'False' : 'True' ?>;

if (LinOTPAuth && LinOTPAuthEnabled) {
var otp = $form.find('#UserOtp').val()
}
if (!$form[0].checkValidity()) {
Expand All @@ -107,7 +110,7 @@ function submitLoginForm() {
var $tmpForm = $('#temp form#UserLoginForm')
$tmpForm.find('#UserEmail').val(email)
$tmpForm.find('#UserPassword').val(password)
if (!empty(Configure::read('LinOTPAuth')) && Configure::read('LinOTPAuth.enabled')) {
if (LinOTPAuth && LinOTPAuthEnabled) {
$tmpForm.find('#UserOtp').val(otp)
}
$tmpForm.submit()
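Review bot: The two added declarations in the second hunk emit `False` and `True` as JavaScript source, which are not JS literals; unless the page defines globals with those names elsewhere, `var LinOTPAuth = False;` throws a ReferenceError before the validity check runs, so the submit handler fails whenever LinOTP is not configured, i.e. the default case, and the new `if (LinOTPAuth && LinOTPAuthEnabled)` branches in this and the third hunk are never reached. Emitting real JS booleans from PHP avoids both the case problem and any future quoting mistakes: `var LinOTPAuth = <?= json_encode(!empty(Configure::read('LinOTPAuth'))) ?>;` and `var LinOTPAuthEnabled = <?= json_encode(!empty(Configure::read('LinOTPAuth.enabled'))) ?>;`. A short comment on those lines, e.g. `// server-side settings rendered once as JS booleans; Configure is not callable from the browser`, would make the reason for the indirection clear to the next editor. The enclosing `submitLoginForm` function starts before and ends after the hunks shown here.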
