Fixing CVE-2022-42731

2022-10-10 17:48:14 +03:00 · 2022-10-10 17:20:47 +03:00
3 changed files with 2 additions and 5 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,7 +1,4 @@
 # Change Log
-## 2.5.1
-* Fix: CVE-2022-42731: related to possibility of registration replay attack thanks to 'SSE (Secure Systems Engineering)' 
-   
 ## 2.5.0

   * Fixed: issue in the 'Authorize' button don't show on Firefox and Chrome on iOS.
--- a/mfa/FIDO2.py
+++ b/mfa/FIDO2.py
@@ -57,7 +57,7 @@ def complete_reg(request):
        att_obj = AttestationObject((data['attestationObject']))
        server = getServer()
        auth_data = server.register_complete(
-            request.session.pop['fido_state'],
+            request.session.pop('fido_state'),
            client_data,
            att_obj
        )
--- a/setup.py
+++ b/setup.py
@@ -4,7 +4,7 @@ from setuptools import find_packages, setup

 setup(
    name='django-mfa2',
-    version='2.5.1',
+    version='2.5.0',
    description='Allows user to add 2FA to their accounts',
    long_description=open("README.md").read(),
    long_description_content_type="text/markdown",
Author	SHA1	Message	Date
Mohamed ElKalioby	d400425fcb	Fixing CVE-2022-42731	2022-10-10 17:48:14 +03:00
Mohamed ElKalioby	54db5a513b	Fixing CVE-2022-42731	2022-10-10 17:20:47 +03:00