The retry is tied to the life of the OTP. As long as the user has not hit max attempts, the new OTP will have 10 minutes.
Original Message:
Sent: Wed August 28, 2024 10:21 AM
From: Gomathy Sethusankar
Subject: ISVA 10.0.4 The OTP "Regenerate" function is not working
Hi Nick,
Thank you for the info! Just to check that I got it right.
For example, I have OTP expiry as 10 mins; if we click Regenerate at the 8th minute, the new OTP is valid for just 2 mins?
------------------------------
Gomathy Sethusankar
Original Message:
Sent: Wed August 28, 2024 09:33 AM
From: Nick Lloyd
Subject: ISVA 10.0.4 The OTP "Regenerate" function is not working
Let's back up.
OTP expiry time is for the OTP itself. Hitting regenerate will create a new OTP good for the configured lifetime.
Hitting regenerate will not reset the number of failed attempts or the amount of time left before a user can retry if they have already hit the max attempts. If it did, that would allow a brute-force attack.
They are disjoint:
1) The life of the OTP itself is tied to the OTP itself.
2) The number of failed attempts and time left to try again if max attempts has been hit is tied to the user, not the OTP or the current session.
------------------------------
Nick
IBM Security Verify Customer Support
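The separation described in the reply above, sketched as an added example (not ISVA's code and not part of the original thread): the OTP carries its own expiry, while failed attempts and the retry delay are keyed to the user, so regenerating never resets them. `MAX_ATTEMPTS`, `RETRY_DELAY`, and all class and function names are assumptions; only the 10-minute lifetime comes from the thread.

```python
import secrets

OTP_LIFETIME = 600   # 10-minute OTP expiry, as configured in the thread
MAX_ATTEMPTS = 3     # assumed value; the thread gives no number
RETRY_DELAY = 300    # assumed lockout length in seconds; not from the thread


class OtpService:
    """Toy model: lifetime lives on the OTP, failures live on the user."""

    def __init__(self):
        self.otps = {}      # session id -> (user, code, expires_at)
        self.failures = {}  # user -> failed-attempt count
        self.locked = {}    # user -> time at which the lockout ends

    def generate(self, session, user, now):
        # Also serves "Regenerate": a fresh code with the full lifetime.
        # It deliberately leaves self.failures and self.locked untouched.
        code = f"{secrets.randbelow(10**6):06d}"
        self.otps[session] = (user, code, now + OTP_LIFETIME)
        return code

    def verify(self, session, guess, now):
        user, code, expires_at = self.otps[session]
        if now < self.locked.get(user, 0):
            return "locked"          # per-user state wins over a valid code
        if now >= expires_at:
            return "expired"
        if secrets.compare_digest(guess, code):
            self.failures.pop(user, None)
            del self.otps[session]   # one-time use
            return "ok"
        self.failures[user] = self.failures.get(user, 0) + 1
        if self.failures[user] >= MAX_ATTEMPTS:
            self.locked[user] = now + RETRY_DELAY
            self.failures[user] = 0
        return "wrong"


def demo():
    svc = OtpService()
    svc.generate("s1", "alice", now=0)
    results = [svc.verify("s1", "x", now=60), svc.verify("s1", "x", now=120)]
    fresh = svc.generate("s2", "alice", now=480)      # regenerate at minute 8
    results.append(svc.verify("s2", "x", now=490))    # third failure, user locked
    results.append(svc.verify("s2", fresh, now=500))  # right code, still locked
    return results, svc.otps["s2"][2]                 # expiry of regenerated OTP
```

The regenerated code gets a full 10 minutes from the moment it is issued, but the two earlier failures still count against the user, including across a new session.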
Original Message:
Sent: Wed August 28, 2024 09:15 AM
From: Gomathy Sethusankar
Subject: ISVA 10.0.4 The OTP "Regenerate" function is not working
Hi Nick,
My understanding of the "Regenerate" button is that it will reset the incorrect attempts as well as the OTP expiry timeout. Is my understanding correct? Please let me know if there are any document links regarding this functionality.
------------------------------
Gomathy Sethusankar
Original Message:
Sent: Wed August 28, 2024 07:56 AM
From: Nick Lloyd
Subject: ISVA 10.0.4 The OTP "Regenerate" function is not working
Hi Gomathy,
That is working as designed.
------------------------------
Nick
IBM Security Verify Customer Support
Original Message:
Sent: Tue August 27, 2024 04:20 AM
From: Gomathy Sethusankar
Subject: ISVA 10.0.4 The OTP "Regenerate" function is not working
Hi Team,
My customer needs to set up Email OTP as an MFA factor. I tried the same using ISVA 10.0.4.
When I test it, the "Regenerate" button is not resetting the OTP expiry clock or the incorrect max OTP attempts. Is this an existing bug in ISVA 10.0.4? Please clarify.
Steps to Reproduce:
- Login to the application.
- Getting the Email OTP. I have set the expiry to 10 minutes.
- I submit an incorrect OTP initially.
- Then click on "Regenerate". Now the OTP expiry is not resetting to zero. It is showing the remainder of 10 minutes. Error message below
Thanks and Regards,
Gomathy Sethusankar
Security Consultant
Managed Security Services
Mobile: +91-9901508141
gsethusa@in.ibm.com
IBM Security