fix: Emit login failure event in the /mfa/login/begin step #41419

Merged
merged 4 commits into from
May 10, 2024

Conversation

codingllama
Contributor

@codingllama codingllama commented May 10, 2024

Emit the "Local Login Failed" event if the user fails a password check on CreateAuthenticateChallenge, which previously was a silent failure. This puts password+webauthn login audit on par with password+otp (which skips CreateAuthenticateChallenge entirely).

This is the only missing audit event from #36837 that can be addressed. As stated above, password+otp failures are already covered. Tapping the incorrect key, as mentioned in the issues, causes only a client-side failure.

#36837

Changelog: Emit login failed audit events for invalid passwords on password+webauthn local authentication.
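
The behaviour described in this pull request, as a minimal Go sketch added here for illustration; it is not code from the pull request or from Teleport. `AuditEvent`, `Auth`, `BeginMFALogin`, the in-memory audit log and the sample credentials are all hypothetical and constructed for the example.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
)

// AuditEvent is a simplified, hypothetical audit record, not Teleport's event type.
type AuditEvent struct{ Name, User, Step, Reason string }

// Auth is a toy auth server: constructed sample credentials plus an in-memory audit log.
type Auth struct {
	hashes map[string][32]byte // sha256 only keeps the sketch short; use a password KDF in practice
	Audit  []AuditEvent
}

var ErrBadCredentials = errors.New("invalid username or password")

func NewAuth() *Auth {
	return &Auth{hashes: map[string][32]byte{"alice": sha256.Sum256([]byte("correct horse"))}}
}

// BeginMFALogin models the first login step: check the password, then issue a challenge.
func (a *Auth) BeginMFALogin(user, password string) (string, error) {
	want, known := a.hashes[user]
	got := sha256.Sum256([]byte(password))
	// Always run the comparison so unknown and known users follow the same path.
	match := subtle.ConstantTimeCompare(want[:], got[:]) == 1
	if !known || !match {
		// Emit the failure event in this step; returning the error alone
		// would leave no audit trail for a rejected password.
		a.Audit = append(a.Audit, AuditEvent{
			Name: "Local Login Failed", User: user, Step: "begin", Reason: ErrBadCredentials.Error(),
		})
		return "", ErrBadCredentials
	}
	return "challenge-for-" + user, nil // placeholder for a real WebAuthn challenge
}

func main() {
	a := NewAuth()
	_, err := a.BeginMFALogin("alice", "wrong password")
	fmt.Println(err, a.Audit)
}
```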

@codingllama codingllama added this pull request to the merge queue May 10, 2024
Merged via the queue into master with commit 41b60a0 May 10, 2024
40 of 42 checks passed
@codingllama codingllama deleted the codingllama/mfa-audit branch May 10, 2024 21:56
@public-teleport-github-review-bot

@codingllama See the table below for backport results.

Branch Result
branch/v13 Failed
branch/v14 Create PR
branch/v15 Create PR

codingllama added a commit that referenced this pull request May 10, 2024
* Test failed user/pass audit on CreateAuthenticateChallenge

* Emit login failure event in the /mfa/login/begin step

* nit: Remove final stop from logging statements

* nit: Remove seemingly outdated comment
github-merge-queue bot pushed a commit that referenced this pull request May 13, 2024
)

* fix: Emit login failure event in the /mfa/login/begin step (#41419)

* Test failed user/pass audit on CreateAuthenticateChallenge

* Emit login failure event in the /mfa/login/begin step

* nit: Remove final stop from logging statements

* nit: Remove seemingly outdated comment

* Apply fixes for branch/v13