    Merge branch 'fix/2fa-authentication-spoofing' into 'master' · 4a9f5ef9
    Rémy Coutable authored
    Fix 2FA authentication spoofing
    
    This is a security fix for the vulnerability described at
    https://gitlab.com/gitlab-org/gitlab-ce/issues/14900.
    
    An attacker was able to bypass password authentication of users that have 2FA enabled, and consequently sign in as a different user, without knowing his password, if he managed to guess the 2FA One Time Password for that user.
    
    It was also possible to enumerate users and check if they have 2FA enabled, because GitLab responded with a different error for each case.
    
    This MR attempts to change the default user search scope if the `otp_user_id` session variable has been set. If it is present, it means that the user has 2FA enabled, and has already been verified with login and password. In this case we should look for the user with `otp_user_id` first, before picking it up by `login`.
    
    Both 2FA authentication spoofing and 2FA discovery have been covered by specs.
    
    Current 2FA code is a bit tricky, so it probably needs some refactoring.
    Signed-off-by: Rémy Coutable <remy@rymai.me>
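The lookup-scope change the commit message describes, modelled as an added Ruby illustration (this is not GitLab's code, and the `User` struct, the in-memory user list, the toy OTP check and the helper names are all constructed for the example). The vulnerable finder resolves the user from the submitted `login` on every step; the fixed finder prefers `session[:otp_user_id]`, which was set only after a successful login-and-password check, so a `login` value submitted together with an OTP can no longer switch the account being signed in to. Password failures return one generic result whether the login exists or not, which is the usual defence against the enumeration the message mentions.

```ruby
# Added example, not GitLab's code: a minimal two-step sign-in showing why the
# OTP step must resolve the user from session[:otp_user_id] rather than from
# the login parameter. All names and sample users below are constructed.

User = Struct.new(:id, :login, :password, :otp_required, :otp_secret, keyword_init: true)

# Constructed in-memory user store standing in for the User model.
USERS = [
  User.new(id: 1, login: 'alice', password: 'alice-pw', otp_required: true,  otp_secret: 'AAAA'),
  User.new(id: 2, login: 'bob',   password: 'bob-pw',   otp_required: true,  otp_secret: 'BBBB'),
  User.new(id: 3, login: 'carol', password: 'carol-pw', otp_required: false, otp_secret: nil)
].freeze

def find_by_login(login)
  USERS.find { |u| u.login == login }
end

def find_by_id(id)
  USERS.find { |u| u.id == id }
end

# Toy OTP check: a real implementation verifies a TOTP code; here the
# one-time password is simply the stored secret, enough to show the lookup logic.
def valid_otp?(user, otp)
  !user.nil? && !otp.nil? && user.otp_secret == otp
end

# Vulnerable search scope: the user is always taken from the submitted login,
# even in the OTP step, so the OTP step can be completed for a different account
# than the one whose password was checked.
def find_user_vulnerable(session, params)
  find_by_login(params[:login])
end

# Fixed search scope: once session[:otp_user_id] is present the user has already
# been verified by login and password, so that id takes precedence over any
# login parameter sent along with the OTP.
def find_user_fixed(session, params)
  if session[:otp_user_id]
    find_by_id(session[:otp_user_id])
  else
    find_by_login(params[:login])
  end
end

# Step 1: password check. Unknown login and wrong password both yield the same
# :invalid result so the response does not reveal which accounts exist.
# For a 2FA user the id is remembered in the session and an OTP is requested.
def authenticate_password(session, params)
  user = find_by_login(params[:login])
  return :invalid unless user && user.password == params[:password]

  if user.otp_required
    session[:otp_user_id] = user.id
    :otp_required
  else
    :signed_in
  end
end

# Step 2: OTP check, parameterised over the finder so both scopes can be compared.
# Returns [:signed_in, login] on success, :invalid otherwise.
def authenticate_otp(session, params, finder)
  user = finder.call(session, params)
  return :invalid unless valid_otp?(user, params[:otp])

  session.delete(:otp_user_id)
  [:signed_in, user.login]
end
```

With the session left by Alice's password step, submitting Bob's login and OTP in the second step signs in as Bob under `find_user_vulnerable` but is rejected under `find_user_fixed`, because the fixed scope checks the submitted OTP against Alice, the user the session actually belongs to.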