GHSA-QQ2P-4282-CFC5 eduMFA: Incorrect InnoDB snapshot isolation possibly allows token reusage

Impact For deployments using MySQL or MariaDB = 11.6.2 the default is ON, which is not affected - Same rules applies for Galera with underlying MariaDB Patches Fixed in version 2.9.1 by locking rows prior to write with SELECT FOR UPDATE. Workarounds Set innodbsnapshotisolation to ON default in...

[SECURITY] Fedora 41 Update: oath-toolkit-2.6.12-1.fc41

The OATH Toolkit provide components for building one-time password authentication systems. It contains shared libraries, command line tools and a PAM module. Supported technologies include the event-based HOTP algorithm RFC4226 and the time-based TOTP algorithm RFC6238. OATH stands for Open...

[SECURITY] Fedora 40 Update: oath-toolkit-2.6.12-1.fc40

The OATH Toolkit provide components for building one-time password authentication systems. It contains shared libraries, command line tools and a PAM module. Supported technologies include the event-based HOTP algorithm RFC4226 and the time-based TOTP algorithm RFC6238. OATH stands for Open...

[SECURITY] Fedora 39 Update: oath-toolkit-2.6.12-1.fc39

The OATH Toolkit provide components for building one-time password authentication systems. It contains shared libraries, command line tools and a PAM module. Supported technologies include the event-based HOTP algorithm RFC4226 and the time-based TOTP algorithm RFC6238. OATH stands for Open...

Information Disclosure

otpauth is vulnerable to information disclosure. The vulnerability exists through a non constant-time comparison algorithm is being used for validating a HOTP token...

Security advisory YSA-2018-01 | Yubico

Oscar Mira and Roi Martin from the Schibsted security team informed us of a security issue in the OATH Initiative for Open Authentication applet on the YubiKey NEO. The YubiKey OATH applet is used to generate time-based one-time password TOTP and HMAC-based one-time password HOTP codes that are...

[SECURITY] Fedora 20 Update: oath-toolkit-2.4.1-6.fc20

The OATH Toolkit provide components for building one-time password authentication systems. It contains shared libraries, command line tools an d a PAM module. Supported technologies include the event-based HOTP algorithm RFC4226 and the time-based TOTP algorithm RFC6238. OATH stands for Open...

[SECURITY] Fedora 21 Update: oath-toolkit-2.4.1-6.fc21

The OATH Toolkit provide components for building one-time password authentication systems. It contains shared libraries, command line tools an d a PAM module. Supported technologies include the event-based HOTP algorithm RFC4226 and the time-based TOTP algorithm RFC6238. OATH stands for Open...

Fedora Update for oath-toolkit FEDORA-2014-2875

Check for the Version of oath-toolkit OpenVAS Vulnerability Test Fedora Update for oath-toolkit FEDORA-2014-2875 Authors: System Generated Check Copyright: Copyright C 2014 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...

[SECURITY] Fedora 20 Update: oath-toolkit-2.4.1-3.fc20

The OATH Toolkit provide components for building one-time password authentication systems. It contains shared libraries, command line tools an d a PAM module. Supported technologies include the event-based HOTP algorithm RFC4226 and the time-based TOTP algorithm RFC6238. OATH stands for Open...

[SECURITY] Fedora 19 Update: oath-toolkit-2.4.1-1.fc19

The OATH Toolkit provide components for building one-time password authentication systems. It contains shared libraries, command line tools an d a PAM module. Supported technologies include the event-based HOTP algorithm RFC4226 and the time-based TOTP algorithm RFC6238. OATH stands for Open...

SA-CONTRIB-2013-047 - Google Authenticator login - Access Bypass

This module will allow you to add Time-based One-time Password Algorithm also called "Two Step Authentication" or "Multi-Factor Authentication" support to user logins. It works with Google's Authenticator app system and support most if not all OATH based HOTP/TOTP systems. Accidental removal of...

Allow user accounts to require two-factor authentication using RFC 4226

panel:bgColor=e7f4fa NOTE: This suggestion is for JIRA Cloud. Using JIRA Server? See the corresponding suggestion|http://jira.atlassian.com/browse/JRASERVER-20999. panel New feature request. In light of the recent security hack at Apache, it might be prudent for JIRA to provide some more secure...