ugosan / yubico-yubiserve

Automatically exported from code.google.com/p/yubico-yubiserve
GNU General Public License v3.0

server doesn't test client HMAC for validity #14

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago
What steps will reproduce the problem?
1. Send incorrect HMAC digest along with request to the server

What is the expected output? What do you see instead?
I would expect the server to reject the request, because the client was sending an incorrect digest.

This is specified in step 1 of the 'validation server algorithm' on the official yubikey-php wiki:
1. Val X parses validation request, retrieves the client key for the client id from local database and checks the request signature.

What version of the product are you using? On what operating system?
v3.1 on Ubuntu

Please provide any additional information below.

Original issue reported on code.google.com by domi...@rutherfordfamily.co.uk on 28 Sep 2011 at 9:40
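
The check the report expects in step 1, as an added example that is not part of the issue thread or YubiServe's code. It assumes the Yubico validation protocol's request signing (base64 HMAC-SHA1 in the `h` parameter, computed over the alphabetically sorted `key=value` pairs joined with `&`); `CLIENT_KEYS`, `sign`, `check_request_signature` and the `require_signature` policy flag are hypothetical, and the sample key is constructed.

```python
import base64
import hashlib
import hmac

# Constructed sample store: client id -> base64 API key (not a real key).
CLIENT_KEYS = {"1": base64.b64encode(b"constructed-demo-key").decode("ascii")}


def sign(params, api_key_b64):
    """Base64 HMAC-SHA1 over the sorted key=value pairs, excluding 'h'."""
    message = "&".join(f"{k}={params[k]}" for k in sorted(params) if k != "h")
    key = base64.b64decode(api_key_b64)
    digest = hmac.new(key, message.encode("utf-8"), hashlib.sha1).digest()
    return base64.b64encode(digest).decode("ascii")


def check_request_signature(params, client_keys=CLIENT_KEYS,
                            require_signature=True):
    """Return a status string; only 'OK' lets OTP validation proceed."""
    client_id = params.get("id")
    if client_id is None:
        return "MISSING_PARAMETER"
    api_key = client_keys.get(client_id)
    if api_key is None:
        return "NO_SUCH_CLIENT"
    supplied = params.get("h")
    if not supplied:
        # Assumed policy: unsigned requests are refused unless allowed.
        return "BAD_SIGNATURE" if require_signature else "OK"
    expected = sign(params, api_key)
    # Constant-time comparison avoids leaking how many bytes matched.
    if not hmac.compare_digest(expected.encode("utf-8"),
                               supplied.encode("utf-8")):
        return "BAD_SIGNATURE"
    return "OK"
```

The signature check runs before any OTP lookup, so a request with a wrong digest is rejected without touching token state.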

GoogleCodeExporter commented 8 years ago
wiki link is:
https://code.google.com/p/yubikey-val-server-php/wiki/ValidationServerAlgorithm

Original comment by domi...@rutherfordfamily.co.uk on 28 Sep 2011 at 9:41

GoogleCodeExporter commented 8 years ago

Original comment by b1ga...@gmail.com on 4 May 2012 at 9:32