ChallengeValidationErrorMemoAndMuxedAccount
extends ErrorException
Exception thrown when both a memo and a muxed account are present in an authentication request.
Thrown when the challenge transaction contains a memo while the client account is a muxed account (M...). Muxed accounts and memos serve the same purpose (identifying users within shared accounts) and are mutually exclusive. Using both simultaneously creates ambiguity in user identification.
Security Implications: Allowing both a memo and a muxed account could create ambiguity in user identification and potential authentication bypass vulnerabilities. The ID embedded in a muxed account address and a separate transaction memo could reference different users, leading to access control violations. Enforcing mutual exclusivity ensures unambiguous user identification in shared account scenarios.
Common Scenarios:
- Client provides muxed account (M...) and also requests authentication with memo
- Server generates challenge with memo for muxed account address
- Implementation error not detecting muxed account format
- Attempt to use both identification methods simultaneously
- Configuration error mixing memo and muxed account authentication
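The following sketch is an added example, not code from the SDK. It decodes the 64-bit ID carried inside an M... address and rejects a request that also supplies a memo, which is the rule this exception enforces. The function names, the use of `DomainException` as a stand-in for the SDK exception, and the sample values are assumptions; it expects 64-bit PHP and the strkey layout of muxed addresses (version byte, 32-byte key, 8-byte ID, CRC16 checksum).

```php
<?php
// Added example, not SDK code: every function name below is hypothetical.
const B32 = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567';

function crc16Xmodem(string $d): int {               // checksum used by strkey addresses
    $crc = 0;
    foreach (str_split($d) as $c) {
        $crc ^= ord($c) << 8;
        for ($b = 0; $b < 8; $b++) { $crc = (($crc << 1) ^ (($crc & 0x8000) ? 0x1021 : 0)) & 0xFFFF; }
    }
    return $crc;
}
function b32Encode(string $raw): string {
    $bits = $out = '';
    foreach (str_split($raw) as $c) { $bits .= sprintf('%08b', ord($c)); }
    foreach (str_split($bits, 5) as $g) { $out .= substr(B32, bindec(str_pad($g, 5, '0')), 1); }
    return $out;
}
function b32Decode(string $s): string {
    $bits = $out = '';
    foreach (str_split($s) as $c) {
        if (($v = strpos(B32, $c)) === false) { throw new InvalidArgumentException('not base32'); }
        $bits .= sprintf('%05b', $v);
    }
    foreach (str_split(substr($bits, 0, intdiv(strlen($bits), 8) * 8), 8) as $g) { $out .= chr(bindec($g)); }
    return $out;
}
// ID inside a muxed (M...) address as an unsigned decimal string; null for any other address.
function muxedId(string $account): ?string {
    if (($account[0] ?? '') !== 'M') { return null; }
    $raw = b32Decode($account);
    if (strlen($raw) !== 43 || ord($raw[0]) !== 0x60   // 0x60 = muxed version byte (12 << 3)
        || unpack('v', substr($raw, 41))[1] !== crc16Xmodem(substr($raw, 0, 41))) {
        throw new InvalidArgumentException('malformed muxed address');
    }
    return sprintf('%u', unpack('J', substr($raw, 33, 8))[1]);
}
// Mutual exclusivity: a memo is rejected when the client account is muxed.
function assertMemoXorMuxed(string $clientAccount, ?string $memoId): void {
    if ($memoId !== null && ($id = muxedId($clientAccount)) !== null) {
        throw new DomainException("muxed ID $id and memo $memoId both claim to identify the user");
    }
}
// Constructed sample: all-zero public key with muxed ID 1234 (not a real account).
$body  = chr(0x60) . str_repeat("\x00", 32) . pack('J', 1234);
$muxed = b32Encode($body . pack('v', crc16Xmodem($body)));
assertMemoXorMuxed($muxed, null);                     // accepted: the muxed ID alone names the user
try { assertMemoXorMuxed($muxed, '5678'); }           // memo and muxed ID disagree
catch (DomainException $e) { echo 'rejected: ', $e->getMessage(), PHP_EOL; }
```

Running the check on the address as received, before any step that normalizes it to the underlying G... account, keeps the muxed form detectable.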