[OPENAM-6362] HOTP and OATH auth-modules do not set 'failureUserID' when throwing InvalidPasswordException, this breaks OpenAM account lockout
Created: 13/Jul/15 Updated: 16/Jan/17 Resolved: 18/Feb/16
|Affects Version/s:||11.0.0, 11.0.1, 11.0.2, 11.0.3, 12.0.0, 13.0.0|
|Fix Version/s:||12.0.3, 13.5.0|
|Reporter:||Bernhard Thalmayr||Assignee:||Jonathan Thomas|
|Sprint:||AM Sustaining Sprint 17|
|Support Ticket IDs:|
is thrown the failed 'tokenID' (userId) must be specified, otherwise AccountLockout is broken due to ...
This is also present in the HOTP, OATH and the AuthenticatorOATH (AM 13.0.0) modules.
|Comment by Jonathan Thomas [ 24/Sep/15 ]|
There are also InvalidPasswordException invoked without the tokenID in the
|Comment by Peter Major [X] (Inactive) [ 03/Feb/16 ]|
Fix is already in CR need to carry this out.