[GUACAMOLE-1689] TOTP - add property to remove (username) from Authenticator setup - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Closed
Priority: Minor
Resolution: Won't Do
Affects Version/s: 1.4.0
Fix Version/s: None
Component/s: guacamole-auth-totp
Labels:
None

Flags:

Important

Description

When enrolling a user for TOTP, the barcode uses the text from the configured totp-issuer (or the default "Apache Guacamole") and appends " (username)" when creating the new entry in the Authenticator App. For example

totp-issuer DevTest

DevTest (bloggs_joe)

123456

This leaks valuable information (their username for the system) to anyone who might catch sight of a user's authenticator.

For security conscious users it would be good to add an option in the config file to hide the username

totp-hideuser - Flag to hide username from generated authenticator entry. Set value to 1 to hide the username. (Default 0)

totp-issuer DevTest

totp-hideuser 1

DevTest

123456

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: Vincent Sherwood

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 29/Sep/22 10:15

Updated:: 30/Nov/22 09:43

Resolved:: 29/Sep/22 17:55