go-webauthn/webauthn

After v0.10.2, backupEligible flag inconsistency detected during login validation

Closed · 1 comment

Version

0.11.2, 0.11.1, 0.11.0

Description

as title

Reproduction

build from @go-gitea/gitea#713364fc718d1d53840bd83ba6f6c307bd213fa8

Expectations

No response

Documentation

No response

This occurs if the backup eligible flag has changed with bad authenticators or relying parties not storing the flag. The return of the error is clearly intentional.

The check verifies that the backup flags of the authenticator are not modified incorrectly as described by the spec which represents a clear security issue.
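As an added illustration, not code from go-webauthn or from Gitea, the Go sketch below shows the kind of check the comment above describes: read the flags byte from authenticator data, require BE to be set whenever BS is set, and compare BE against the value the relying party stored at registration. The function names and the constructed authenticator data are assumptions made here for the example.

```go
package main

import (
	"errors"
	"fmt"
)

// Flag bits of the WebAuthn authenticator data flags byte (spec §6.1).
const (
	flagUserPresent    = 1 << 0 // UP
	flagBackupEligible = 1 << 3 // BE
	flagBackupState    = 1 << 4 // BS
)

var (
	ErrBackupEligibleChanged      = errors.New("backup eligible flag changed since registration")
	ErrBackupStateWithoutEligible = errors.New("backup state set while credential is not backup eligible")
)

// authDataFlags extracts the flags byte: rpIdHash (32 bytes) precedes it,
// and signCount (4 bytes) follows, so 37 bytes is the minimum length.
func authDataFlags(authData []byte) (byte, error) {
	if len(authData) < 37 {
		return 0, errors.New("authenticator data too short")
	}
	return authData[32], nil
}

// ValidateBackupFlags applies the spec's two invariants during login:
// BS may only be set when BE is set, and BE must match what the relying
// party recorded for this credential at registration.
func ValidateBackupFlags(storedBackupEligible bool, flags byte) error {
	be := flags&flagBackupEligible != 0
	bs := flags&flagBackupState != 0
	if bs && !be {
		return ErrBackupStateWithoutEligible
	}
	if be != storedBackupEligible {
		return ErrBackupEligibleChanged
	}
	return nil
}

// newAuthData builds constructed sample authenticator data with the given
// flags; the rpIdHash is left as zeros because only the flags matter here.
func newAuthData(flags byte) []byte {
	d := make([]byte, 37)
	d[32] = flags
	return d
}

func main() {
	flags, _ := authDataFlags(newAuthData(flagUserPresent))
	// Registered as backup eligible, but login says BE=0: rejected.
	fmt.Println(ValidateBackupFlags(true, flags))
}
```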