RSS Feed/News Signature counter is not validated when validating passkey signature

Status
Not open for further replies.
ENXF NET

ENXF NET

Administrator
Staff member
Administrator
Moderator
+Lifetime VIP+
S.V.I.P.S Member
S.V.I.P Member
V.I.P Member
Collaborate
Registered
Joined
Nov 13, 2018
Messages
26,957
Points
823

Reputation:

When validating a passkey signature in \XF\Service\Passkey\Manager::validate() the signature counter is not checked.

Suggested Fix
Store the signature counter in entity Passkey after each successful validation and validate it when validating a passkey signature.

Continue reading...
 
Status
Not open for further replies.
Top