yubioath-flutter

Authenticator in background doesn't detect if YubiKey is removed

Open genxlee opened this issue 5 years ago • 0 comments

  • Yubico Authenticator version: 4.3.6
  • Operating system and version: tested on Windows 1803-1903 + 20H1
  • YubiKey model and version: 5 NFC, 5.1.2
  • Bug description summary: You can access all saved OAUTH credentials without entering the password when Authenticator was minimized beforehand and the YubiKey was replugged into the computer.

Steps to reproduce

  1. Open Yubico Authenticator
  2. Insert YubiKey and enter password
  3. Minimize the Yubico Authenticator
  4. Remove YubiKey
  5. Work on your things, put the computer to sleep, etc.
  6. Insert YubiKey
  7. Open minimized Yubico Authenticator from tray
  8. Password entry is not required anymore; you have access to all OAUTH codes.

Expected result

User should be forced to enter the password at step 7.

Actual results

You can access all saved credentials without entering the password when Authenticator was minimized before.

poc

genxlee, Sep 18 '19 07:09
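The reported steps, replayed against a small session model as an added example (this is not Yubico Authenticator code). It assumes the cause is that key-presence polling stops while the window is minimized; the class, method names and serial value are hypothetical.

```python
# Illustrative model only: names are hypothetical, and the root cause
# (presence polling paused while minimized) is an assumption, not a finding.
from dataclasses import dataclass
from typing import Optional


@dataclass
class Session:
    poll_in_background: bool            # False = behaviour assumed for the report
    visible: bool = True
    unlocked: bool = False
    seen_serial: Optional[str] = None   # key the app currently believes is inserted

    def tick(self, plugged_serial: Optional[str]) -> None:
        """One presence poll; plugged_serial is None when no key is inserted."""
        if not (self.visible or self.poll_in_background):
            return                      # weak variant: nothing is checked while minimized
        if plugged_serial != self.seen_serial:
            # Any observed removal or insertion ends the unlocked session.
            self.unlocked = False
            self.seen_serial = plugged_serial

    def unlock(self, password_ok: bool) -> None:
        self.unlocked = self.seen_serial is not None and password_ok

    def codes_accessible(self) -> bool:
        return self.visible and self.unlocked and self.seen_serial is not None


def replay(poll_in_background: bool) -> bool:
    """Replay steps 1-8; True means codes are shown without a new password."""
    key = "constructed-serial-0001"     # constructed sample value
    s = Session(poll_in_background)
    s.tick(key)                         # steps 1-2: open app, insert key ...
    s.unlock(True)                      # ... and enter the password
    s.visible = False                   # step 3: minimize to tray
    s.tick(key)
    s.tick(None)                        # steps 4-5: key removed, time passes
    s.tick(key)                         # step 6: key inserted again
    s.visible = True                    # step 7: restore from tray
    s.tick(key)
    return s.codes_accessible()         # step 8


if __name__ == "__main__":
    print("polling paused while minimized:", replay(False))
    print("polling continues in background:", replay(True))
```

A poll can still miss a removal and re-insertion that both happen between two ticks (for example across a sleep/resume), so a stricter policy is to also clear the unlocked state whenever the window is minimized or the system resumes.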