Things to Consider When Using Maker–Checker Authorization
  • 16 Jan 2025

Whereas unassigning an authenticator is protected by maker–checker authorization, deleting an authenticator is currently not. However, when deleting an authenticator, the respective device is implicitly unassigned before it is deleted from the data store. The unassignment operation in this case is not subject to maker–checker authorization. This special case allows bypassing maker–checker authorization.

An administrator can therefore circumvent maker–checker authorization for unassigning an authenticator simply by deleting the device.

To prevent this, do not assign the Delete DIGIPASS privilege to administrators who also have the Unassign DIGIPASS privilege and are supposed to unassign authenticators in a controlled environment with maker–checker authorization enabled.
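
One way to check for this combination is sketched below. This is an added example, not code from the product or its documentation. It assumes the administrators' privileges are available as `admin,privilege` CSV rows, which is a constructed layout rather than a product export format. The sample rows and the function names are likewise constructed.

```python
import csv
import io

# Privilege names as given in the article: the pair that must not be combined.
CONFLICTING = frozenset({"delete digipass", "unassign digipass"})

# Constructed sample data in an assumed "admin,privilege" CSV layout.
# This is not an export format of the product.
SAMPLE_EXPORT = """admin,privilege
alice,Unassign DIGIPASS
alice,Delete DIGIPASS
bob,Unassign DIGIPASS
carol,Delete DIGIPASS
dave, unassign digipass
dave,DELETE DIGIPASS
dave,Example Other Privilege
"""


def _norm(name):
    """Case- and whitespace-insensitive form of a privilege name."""
    return " ".join(name.split()).lower()


def privileges_by_admin(export_text):
    """Group normalized privilege names by administrator, skipping blank rows."""
    granted = {}
    for row in csv.DictReader(io.StringIO(export_text)):
        admin = (row.get("admin") or "").strip()
        priv = _norm(row.get("privilege") or "")
        if admin and priv:
            granted.setdefault(admin, set()).add(priv)
    return granted


def find_bypass_capable_admins(export_text):
    """Return, sorted by name, the admins who hold both conflicting privileges."""
    granted = privileges_by_admin(export_text)
    return sorted(a for a, privs in granted.items() if CONFLICTING <= privs)


if __name__ == "__main__":
    for admin in find_bypass_capable_admins(SAMPLE_EXPORT):
        print(f"{admin}: holds both Delete DIGIPASS and Unassign DIGIPASS")
```

Any administrator the check reports should have the Delete DIGIPASS privilege removed if that account is meant to unassign authenticators only under maker–checker authorization.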

