[Midas] Bug in Pydas onetime password management

Patrick Reynolds patrick.reynolds at kitware.com
Fri Nov 16 13:45:05 EST 2012


Brian,

Thanks for the report! This is fixed in pydas in git and pypi. 

Thanks,
Patrick Reynolds
Technical Leader
Kitware, Inc.
919 869 8848


On Thursday, November 15, 2012 at 5:50 PM, Chapman, Brian wrote:

> Hello Everybody, 
> 
> I just upgraded to pydas version 0.2.24 and logged in to a Midas instance that has two-factor authentication enabled. Pydas prompts me for the one-time password, but when I entered the one-time password this was not hidden from the screen, as it would be if I were using getpass.getpass(). Since with the RSA SecurID the one-time password is a concatenation of a fixed password and the one-time generated code, this is a potential compromise of the system security. 
> 
> Brian 
> 
> Brian E. Chapman, PhD 
> Associate Professor
> Division of Biomedical Informatics
> University of California, San Diego
> 
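The behaviour the report asks for, as an added example that is not part of the original thread and is not pydas's own code: the prompt reads the one-time password through getpass.getpass() and refuses to read at all if the terminal cannot suppress echo. The function name, the exception class and the injectable `reader` parameter are assumptions made for illustration.

```python
import getpass
import warnings


class EchoNotSuppressed(RuntimeError):
    """Raised when typed input cannot be hidden from the screen."""


def prompt_one_time_password(prompt="One-time password: ",
                             reader=getpass.getpass):
    """Read a one-time password without echo, failing closed.

    `reader` is injectable (an assumption of this example) so the logic
    can be exercised without a real terminal.
    """
    with warnings.catch_warnings():
        # When getpass.getpass() cannot control the terminal it issues
        # GetPassWarning and falls back to reading with echo on. Promote
        # that warning to an error so the fixed PIN plus token code is
        # never typed in the clear.
        warnings.simplefilter("error", category=getpass.GetPassWarning)
        try:
            secret = reader(prompt)
        except getpass.GetPassWarning as exc:
            raise EchoNotSuppressed(
                "terminal echo could not be disabled; not reading the "
                "one-time password") from exc
    if not secret:
        raise ValueError("empty one-time password")
    return secret


if __name__ == "__main__":
    try:
        otp = prompt_one_time_password()
    except EchoNotSuppressed as err:
        raise SystemExit(str(err))
    # Report only the length; the value itself is never printed or logged.
    print("read %d characters" % len(otp))
```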

