Skip to content

[v14] fix: Verify MFA device locks during authentication#36589

Merged
codingllama merged 2 commits intobranch/v14from
codingllama/backport/36471-v14
Jan 11, 2024
Merged

[v14] fix: Verify MFA device locks during authentication#36589
codingllama merged 2 commits intobranch/v14from
codingllama/backport/36471-v14

Conversation

@codingllama
Copy link
Copy Markdown
Contributor

@codingllama codingllama commented Jan 11, 2024

Backport #36471 to branch/v14.

Fix an oversight on authentication where locked MFA devices could still be used. Applies to password changes as well.

https://github.com/gravitational/security-findings/issues/81

Changelog: Verify MFA device locks during user authentication

@codingllama
fix: Verify MFA device locks during authentication (#36471)
66d5ff8 
* Test authn and password change with a locked user

* Verify MFA device locks during authentication

* Configure a LockWatcher in the passwordSuite setup

* Appease linter
@codingllama
Apply fixes for v14
da2865b
@codingllama codingllama added this pull request to the merge queue Jan 11, 2024
Merged via the queue into branch/v14 with commit 7f66bee Jan 11, 2024
@codingllama codingllama deleted the codingllama/backport/36471-v14 branch January 11, 2024 21:30
@BrewTestBot BrewTestBot mentioned this pull request Jan 12, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@tigrato tigrato tigrato approved these changes

@rosstimothy rosstimothy rosstimothy approved these changes

+1 more reviewer

@jentfoo jentfoo jentfoo approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

backport size/md

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@codingllama @jentfoo @tigrato @rosstimothy