Hacker News
new
|
past
|
comments
|
ask
|
show
|
jobs
|
submit
login
shaicoleman
on Feb 26, 2022
|
parent
|
context
|
favorite
| on:
Gitlab Critical Security Release
It already recorded in the database when the TOTP was last used, but it allowed to reuse the same code during the grace period (30 seconds later).
diarrhea
on Feb 26, 2022
[–]
Allowing authentication not only within the original time frame but one interval before and after is by design:
https://en.wikipedia.org/wiki/Time-based_one-time_password#S...
.
prplr
on Feb 26, 2022
|
parent
[–]
The security issue is with allowing reuse, and not because of allowing use in the previous and next time frames.
Guidelines
|
FAQ
|
Lists
|
API
|
Security
|
Legal
|
Apply to YC
|
Contact
Search: