Fixing CVE-2022-42731

mkalioby · Oct 10, 2022 · 2d7b80b · 2d7b80b
1 parent 8dba66b
commit 2d7b80b
Show file tree

Hide file tree

Showing 3 changed files with 10 additions and 2 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,4 +1,12 @@
 # Change Log
+## 2.6.1
+* Fix: CVE-2022-42731: related to the possibility of registration replay attack.
+  Thanks to 'SSE (Secure Systems Engineering)'
+
+## 2.5.1
+* Fix: CVE-2022-42731: related to the possibility of registration replay attack.
+  Thanks to 'SSE (Secure Systems Engineering)' 
+
 ## 2.6.0
    * Adding Backup Recovery Codes (Recovery) as a method.
      Thanks to @Spitfireap for work, and  @peterthomassen for guidance.

diff --git a/mfa/FIDO2.py b/mfa/FIDO2.py
@@ -57,7 +57,7 @@ def complete_reg(request):
         att_obj = AttestationObject((data['attestationObject']))
         server = getServer()
         auth_data = server.register_complete(
-            request.session.pop['fido_state'],
+            request.session.pop('fido_state'),
             client_data,
             att_obj
         )

diff --git a/setup.py b/setup.py
@@ -4,7 +4,7 @@
 
 setup(
     name='django-mfa2',
-    version='2.6.0',
+    version='2.6.1',
     description='Allows user to add 2FA to their accounts',
     long_description=open("README.md").read(),
     long_description_content_type="text/markdown",