josh/django-mfa2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fixing CVE-2022-42731

Browse Source
This commit is contained in:
Mohamed ElKalioby
2022-10-10 17:35:26 +03:00
parent 8dba66b7b2
commit 2d7b80bf5a
3 changed files with 10 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
CHANGELOG.md
View File

@@ -1,4 +1,12 @@
# Change Log # Change Log
## 2.6.1
* Fix: CVE-2022-42731: related to the possibility of registration replay attack.
Thanks to 'SSE (Secure Systems Engineering)'
## 2.5.1
* Fix: CVE-2022-42731: related to the possibility of registration replay attack.
Thanks to 'SSE (Secure Systems Engineering)'
## 2.6.0 ## 2.6.0
* Adding Backup Recovery Codes (Recovery) as a method. * Adding Backup Recovery Codes (Recovery) as a method.
Thanks to @Spitfireap for work, and @peterthomassen for guidance. Thanks to @Spitfireap for work, and @peterthomassen for guidance.

2
mfa/FIDO2.py
View File

@@ -57,7 +57,7 @@ def complete_reg(request):
att_obj = AttestationObject((data['attestationObject'])) att_obj = AttestationObject((data['attestationObject']))
server = getServer() server = getServer()
auth_data = server.register_complete( auth_data = server.register_complete(
request.session.pop['fido_state'], request.session.pop('fido_state'),
client_data, client_data,
att_obj att_obj
) )

2
setup.py
View File

@@ -4,7 +4,7 @@ from setuptools import find_packages, setup
setup( setup(
name='django-mfa2', name='django-mfa2',
version='2.6.0', version='2.6.1',
description='Allows user to add 2FA to their accounts', description='Allows user to add 2FA to their accounts',
long_description=open("README.md").read(), long_description=open("README.md").read(),
long_description_content_type="text/markdown", long_description_content_type="text/markdown",