Ran into an issue recently where a user failed to authenticate with a password + ubikey combination.
When we checked the logs to find out why authentication was failing, it turned out the plugin was transmitting a partial password + part of a ubikey to the authentication server.
It turned out the issue was that the ubikey was only put half into the authentication field.
It looks like the check to see whether it's a password + ubikey is only checking if the full password length (password + ubikeycode) is longer than the ubi code + ubi id.
Wouldn't a better check examine the full password string for the following segments:
password
the ubi id associated with the username
ubi code
And fail when the ubi id does not match, when the ubi code is not the correct length, or when there is no password.
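A sketch of the stricter check proposed above, as an added example that is not the plugin's own code. It assumes the token is a Yubico OTP (modhex characters, a 12-character public ID in the default configuration, followed by a 32-character OTP); `split_credential`, `CredentialFormatError` and the sample values are hypothetical and constructed for illustration.

```python
import hmac

MODHEX = frozenset("cbdefghijklnrtuv")  # Yubico modhex alphabet
ID_LEN = 12    # assumption: default public ID length
OTP_LEN = 32   # OTP part of a Yubico OTP, in modhex characters

# Constructed sample values, not taken from any real token.
SAMPLE_ID = "cccccckdvvul"
SAMPLE_OTP = "cbdefghijklnrtuv" * 2


class CredentialFormatError(ValueError):
    """The field is not 'password + expected public ID + full OTP'."""


def split_credential(field: str, expected_id: str) -> tuple[str, str]:
    """Return (password, token) or raise before anything is sent upstream.

    expected_id is the public ID enrolled for the user who is logging in.
    """
    if len(expected_id) != ID_LEN or not set(expected_id) <= MODHEX:
        raise CredentialFormatError("enrolled public ID is malformed")
    token_len = ID_LEN + OTP_LEN
    # A length test alone (the check described in the post) stops here.
    if len(field) <= token_len:
        raise CredentialFormatError("no password, or token truncated")
    password, token = field[:-token_len], field[-token_len:]
    # A truncated token pulls password characters into the token slice,
    # so the alphabet test or the ID comparison below will reject it.
    if not set(token) <= MODHEX:
        raise CredentialFormatError("token contains non-modhex characters")
    if not hmac.compare_digest(token[:ID_LEN], expected_id):
        raise CredentialFormatError("public ID does not match the user")
    return password, token


def is_well_formed(field: str, expected_id: str) -> bool:
    """Boolean wrapper, convenient for logging a reject reason elsewhere."""
    try:
        split_credential(field, expected_id)
        return True
    except CredentialFormatError:
        return False
```

Rejecting the field locally also keeps a partial password and partial OTP from being transmitted to the authentication server, which is what the logs in the report showed.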