pondersource / nextcloud-mfa-awareness

Make Nextcloud aware of whether the current user is logged in with Multi-Factor Authentication
MIT License

https://git.radicallyopensecurity.com/ros/pen-sunet-mfa-zones/-/issues/5 #63

Closed michielbdejong closed 7 months ago

michielbdejong commented 7 months ago

Self Denial of Service (DoS): A user who enables mfazones protection on one of their folders can no longer access that folder and cannot disable the mfazones protection either.

We fixed this by disabling the toggle when the session is not MFA verified. A user could still lock themselves out of their MFA Zones if they unconfigure MFA for their account, but then they can always regain access by reconfiguring it.
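
The lockout and the fix described in this issue can be pinned down as a small state model that doubles as a regression check. This is an added example, not part of the issue or the project's code; the function names, the `mfaZone` and `mfaVerified` fields, and the assumption that the toggle rule is also enforced on the server are all hypothetical.

```javascript
// Toy model (constructed for illustration; not code from the mfazones app).
// State: a session that is or is not MFA-verified, and one folder owned by
// the user that is or is not marked as an MFA zone.

// Access rule described in the issue: a protected folder needs an MFA session.
function canAccess(session, folder) {
  return !folder.mfaZone || session.mfaVerified;
}

// Behaviour reported in the issue: enabling works from any session, but
// disabling fails once the folder is protected and the session lacks MFA.
function toggleAllowedBefore(session, folder) {
  return canAccess(session, folder);
}

// Behaviour after the fix: the toggle is disabled without an MFA session.
// Assumption: the same rule is also checked on the server side.
function toggleAllowedAfter(session, folder) {
  return session.mfaVerified;
}

// Walk every state reachable by toggling within one session and return the
// states in which the owner can neither open the folder nor undo the flag.
function findLockouts(session, toggleAllowed) {
  const seen = new Set();
  const lockouts = [];
  const queue = [{ mfaZone: false }];
  while (queue.length > 0) {
    const folder = queue.shift();
    const key = String(folder.mfaZone);
    if (seen.has(key)) continue;
    seen.add(key);
    const mayToggle = toggleAllowed(session, folder);
    if (!canAccess(session, folder) && !mayToggle) lockouts.push(folder);
    if (mayToggle) queue.push({ mfaZone: !folder.mfaZone });
  }
  return lockouts;
}

const passwordOnly = { mfaVerified: false }; // constructed sample sessions
const withMfa = { mfaVerified: true };
console.log(findLockouts(passwordOnly, toggleAllowedBefore)); // [ { mfaZone: true } ]
console.log(findLockouts(passwordOnly, toggleAllowedAfter));  // []
```

The model covers a single session only; the remaining case mentioned above, where the user unconfigures MFA for the account, is outside it.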