3 matches found
GO-2024-3160 Ory Kratos's setting required_aal `highest_available` does not properly respect code + mfa credentials in github.com/ory/kratos
Ory Kratos's setting required_aal `highest_available` does not properly respect code + mfa credentials in github.com/ory/kratos...
GHSA-WC43-73W7-X2F5 Ory Kratos's setting required_aal `highest_available` does not properly respect code + mfa credentials
Preconditions - The code login method is enabled with the passwordless_enabled flag set to true. - A 2FA method such as totp is enabled. - required_aal of the whoami check or the settings flow is set to highest_available. AAL stands for Authenticator Assurance Levels and can range from 0 no factor ...
Ory Kratos's setting required_aal `highest_available` does not properly respect code + mfa credentials
Preconditions - The code login method is enabled with the passwordless_enabled flag set to true. - A 2FA method such as totp is enabled. - required_aal of the whoami check or the settings flow is set to highest_available. AAL stands for Authenticator Assurance Levels and can range from 0 no factor ...