Skip to content
This repository has been archived by the owner on Mar 2, 2024. It is now read-only.

The secret used for MFA in Cognito is static. Research how to flag an MFA device as compromised #1029

Open
Kielo87 opened this issue Sep 6, 2022 · 0 comments
Open

The secret used for MFA in Cognito is static. Research how to flag an MFA device as compromised #1029

Kielo87 opened this issue Sep 6, 2022 · 0 comments
Milestone
x Dark pool

Comments

@Kielo87
Copy link
Contributor

Kielo87 commented Sep 6, 2022

If the MFA device secret gets exposed, there is no simple way to disable it. It seems like one has to recreate the app client

Manual solution: Reset client manually if this happens. Or test reinstalling Cognito.
@yngvark yngvark added this to the Dark pool milestone Sep 28, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
x Dark pool
Development

No branches or pull requests
2 participants
@yngvark @Kielo87