Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T55196, the corresponding Phabricator task for complete and up-to-date bug report information.

Bug 53196 - Used OATH should be cached to avoid replay attacks

Summary:	Used OATH should be cached to avoid replay attacks

Status: PATCH_TO_REVIEW Product: MediaWiki extensions Classification: Unclassified Component: OATHAuth (Other open bugs) Version: master Hardware: All All Importance: Unprioritized normal (vote) Target Milestone: --- Assigned To: Ryan Lane URL: Whiteboard: Keywords: Depends on: Blocks: 53192   Show dependency tree / graph		Reported: 2013-08-22 03:27 UTC by Tyler Romeo Modified: 2014-05-11 09:25 UTC (History) CC List: 0 users See Also: Web browser: --- Mobile Platform: --- Assignee Huggle Beta Tester: ---

Attachments Add an attachment (proposed patch, testcase, etc.)

Description Tyler Romeo 2013-08-22 03:27:53 UTC When an OATH token is used, it should be cached temporarily so that if an attacker attempts to use the same token within the brief time period it is still valid, it will fail. Comment 1 Gerrit Notification Bot 2014-05-11 09:25:44 UTC Change 132783 had a related patch set uploaded by Parent5446: Cache OATH tokens to avoid replay https://gerrit.wikimedia.org/r/132783