Currently the secrets are stored in a user-readable file. This is not necessarily a good idea, given that if an attacker manages to gain limited access to the user's session or account, and read that file, he can duplicate the token used for 2FA without leaving much of a trace.
Having a write-only secret store would be nice to have. That is, storing the configuration in a way that prevents the user from reading the secret (and emergency codes), and only allows him to update or remove it altogether. It might also be reasonable to prevent updates to other options without setting a new secret, to prevent the attacker from weakening the system silently.
If this were the case and the attacker only managed to obtain partial/temporary access to the user's session, the best he could do is disable 2FA altogether or set a new secret. In both cases, the user will notice it on next login (attempt).
A possible implementation would be to make `google-authenticator` setuid, and keep the files with restricted access somewhere.
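The threat described in this issue, as an added example that is not part of the issue and not the project's own code: an attacker who can read the per-user secret file has everything needed to clone the TOTP generator. The script below parses a constructed file in the layout assumed for `~/.google_authenticator` (base32 secret on the first line, `" `-prefixed option lines, then emergency scratch codes; that layout is an assumption here), derives codes with RFC 6238 TOTP (SHA-1, 30 s step, 6 digits, as used by Google Authenticator), and includes a small ownership/mode check for the "restricted access" layout the issue proposes, where the file is owned by root and unreadable by the login user. The sample secret is the RFC 6238 test key so the derived codes can be checked against the RFC's published vectors.

```python
"""Clone a TOTP generator from a readable secret file, and check whether a
given file mode/owner still exposes the secret to the login user.

Added illustration for the issue above; not google-authenticator-libpam code.
"""
import base64
import hashlib
import hmac
import stat
import struct

# Constructed sample in the assumed ~/.google_authenticator layout.
# The secret is the RFC 6238 test key "12345678901234567890" in base32.
SAMPLE_FILE = """GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ
" RATE_LIMIT 3 30
" WINDOW_SIZE 17
" DISALLOW_REUSE
" TOTP_AUTH
12345678
87654321
"""


def parse_secret_file(text):
    """Split the file into secret, option lines and scratch codes (assumed layout)."""
    lines = [line.strip() for line in text.splitlines() if line.strip()]
    secret = lines[0]
    options = [line[2:].strip() for line in lines[1:] if line.startswith('" ')]
    scratch = [line for line in lines[1:] if not line.startswith('"')]
    return {"secret": secret, "options": options, "scratch_codes": scratch}


def hotp(secret_b32, counter, digits=6):
    """RFC 4226 HOTP with HMAC-SHA1 and dynamic truncation."""
    padded = secret_b32.upper() + "=" * (-len(secret_b32) % 8)
    key = base64.b32decode(padded)
    digest = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret_b32, unix_time, step=30, digits=6):
    """RFC 6238 TOTP: HOTP over the current 30-second time step."""
    return hotp(secret_b32, unix_time // step, digits)


def clone_codes(file_text, unix_time):
    """What the attacker does: read the file once, then mint valid codes at will."""
    cfg = parse_secret_file(file_text)
    return totp(cfg["secret"], unix_time)


def secret_exposed_to_user(mode, file_uid, file_gid, user_uid, user_gids):
    """True if a user with user_uid/user_gids can read a file with this st_mode and owner.

    Mirrors the POSIX owner/group/other check: owner bits apply only to the owner,
    group bits only to members who are not the owner, other bits to everyone else.
    With the layout proposed in the issue (root-owned, mode 0600) this is False.
    """
    perm = stat.S_IMODE(mode)
    if user_uid == file_uid:
        return bool(perm & stat.S_IRUSR)
    if file_gid in user_gids:
        return bool(perm & stat.S_IRGRP)
    return bool(perm & stat.S_IROTH)


if __name__ == "__main__":
    cfg = parse_secret_file(SAMPLE_FILE)
    print("secret:", cfg["secret"], "options:", cfg["options"])
    print("code at t=59:", clone_codes(SAMPLE_FILE, 59))
    print("user-owned 0600 readable by user:",
          secret_exposed_to_user(0o600, 1000, 1000, 1000, [1000]))
    print("root-owned 0600 readable by user:",
          secret_exposed_to_user(0o600, 0, 0, 1000, [1000]))
```

The permission check is a static model of the file, not a read of the live filesystem, so it can be exercised without root; a real check would pass `os.stat(path).st_mode`, `st_uid`, `st_gid` and `os.getgroups()`. Note that a root-owned 0600 file only helps if the code path that reads it (the PAM module, or the setuid helper the issue suggests) runs with elevated privilege; the user-facing `google-authenticator` tool would then have to drop the plain-text display of the secret and scratch codes as well.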