Verbesserte Sicherheit durch Verringerung der Zeitbegrenzung der Tokenlebenszeit

2021-10-07 12:01:06 +02:00
parent 35e4e3cd44
commit f053a730f0
3 changed files with 6 additions and 4 deletions
--- a/login/ForgotPW.aspx.vb
+++ b/login/ForgotPW.aspx.vb
@@ -168,9 +168,10 @@ Partial Class login_ForgotPW
    Function getDateoftoken(tokenname As String) As Boolean
        Dim data() As Byte = Convert.FromBase64String(tokenname)
        Dim wenn As DateTime = DateTime.FromBinary(BitConverter.ToInt64(data, 0))
-        If wenn < DateTime.UtcNow.AddHours(-24) Then
+        If wenn < DateTime.UtcNow.AddMinutes(-30) Then
            Return False
            MsgBox("Token nicht gefunden oder zu alt!" + Environment.NewLine + "Bitte erneut Mail senden!")
+            tokenname = ""
        Else
            Return True
        End If