Revisions of oath-toolkit_BR
unknown
committed
(revision 4)
project was undeleted
Axel Köllhofer (Akoellh)
committed
(revision 3)
- updated to version 2.6.2 * doc: - Version controlled source code repository moved to GitLab. * oathtool: - The --totp parameter now take an optional argument to specify MAC. - For example use --totp=sha256 to use HMAC-SHA256. When --totp is used the default HMAC-SHA1 is used, as before. * pam_oath: - Mention in README that you shouldn't use insecure keys. Suggested by Robin. - Check return value from strdup. Patch by Eero Häkkinen. * The files 'gdoc' and 'expect.oath' are now included in the tarball. Suggested by Jaroslav Škarvada. * liboath: - Support TOTP with HMAC-SHA256 and HMAC-SHA512. - Fix 'make check' on 32-bit systems. Report and patch by Christian Hesse. - This adds new APIs oath_totp_generate2, oath_totp_validate4 and oath_totp_validate4_callback. - Fix usersfile bug that caused it to update the wrong line. When an usersfile contain multiple lines for the same user but with an unparseable token type (e.g., HOTP vs TOTP), the code would update the wrong line of the file. Since the then updated line could be a commented out line, this can lead to the same OTP being accepted multiple times which is a security vulnerability. Reported by Bas van Schaik <bas@sj-vs.net> and patch provided by Ilkka Virta <itvirta@iki.fi>. CVE-2013-7322
Axel Köllhofer (Akoellh)
committed
(revision 2)
Axel Köllhofer (Akoellh)
committed
(revision 1)
Displaying all 4 revisions