This discussion has been locked.

Double OTP + CAPTCHA for SSL VPN with Sophos Connect

Sophos XG appears to block OTP re-use, so if you need to log in twice you need to wait for the next 30-second interval. The result of this is that when using Sophos Connect 3.0 to connect to SSL VPN, you need OTP + CAPTCHA for the "get latest config" step, then the next OTP (up to 30 seconds later) to log in to the actual VPN.

Is there any way around this? Can I block the config sync, or make it a manual step?

Thanks

James



  • Does anyone know if this is resolved on 18 MR4?

  • Hi,

    OTP is a one-time password and is valid only for one-time use.

    I tried to log in to the User Portal the first time and was able to log in successfully with password + OTP. Then I logged out and logged in again using the password + OTP (same OTP) before the OTP expired. I was unable to log in using the same OTP.

    I have analyzed the access_server debug log and found that authentication is declined because the same OTP was used again. Please refer to the sample logs.

    ======

    DEBUG Jan 06 12:59:20 [OTP_AUTH]: (otp_code_correct): binlen 60 now 1609918160 timestep 120 window 1 code 495383 oath_res 0 otp_pos_in_window 0
    ERROR Jan 06 12:59:20 [OTP_AUTH]: (otp_code_correct): User test provided the same OTP code, declining it
    MESSAGE Jan 06 12:59:20 [OTP_AUTH]: (otp_handle_short_password_success_request): REJECT1 for user test (bad OTP code or user's token is not active)

    =======

    In short, we can't use the same OTP a second time. 

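Added example, not part of the original thread and not Sophos's code: a minimal TOTP verifier with the replay rule from RFC 6238 (a code that has already been accepted is never accepted again), which reproduces the accept / decline / accept sequence described above. The class name, return strings and secret are hypothetical; the 30-second timestep follows the original post and `t0` is the `now` value from the sample log.

```python
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class ReplayGuardedTotp:
    """TOTP verifier that remembers the last accepted time step per user."""

    def __init__(self, timestep: int = 30, window: int = 1):
        self.timestep = timestep
        self.window = window
        self.last_step = {}  # user -> highest time-step counter already accepted

    def verify(self, user: str, secret: bytes, code: str, now: int) -> str:
        current = now // self.timestep
        last = self.last_step.get(user, -1)
        reused = False
        for step in range(current - self.window, current + self.window + 1):
            if hmac.compare_digest(hotp(secret, step), code):
                if step > last:              # correct code from an unspent time step
                    self.last_step[user] = step
                    return "ACCEPT"
                reused = True                # correct code, but already spent
        return "REJECT_REUSED" if reused else "REJECT_BAD_CODE"


def demo():
    secret = b"constructed-demo-secret"      # constructed sample, not a real token seed
    guard = ReplayGuardedTotp(timestep=30, window=1)
    t0 = 1609918160                          # 'now' value shown in the sample log
    code = hotp(secret, t0 // 30)
    first = guard.verify("test", secret, code, t0)             # first login (config fetch)
    second = guard.verify("test", secret, code, t0 + 5)        # second login, same code
    next_code = hotp(secret, (t0 + 30) // 30)
    third = guard.verify("test", secret, next_code, t0 + 30)   # code from next interval
    return first, second, third


if __name__ == "__main__":
    print(demo())
```

Because the spent time step is stored per user, any second authentication inside the same interval is declined even though the code is cryptographically correct, which is why two back-to-back logins need two consecutive codes.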