You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I'm using this plugin for years and it is working awesome but I was thinking how it works and think it has a big flaw. The 2factor "authStatus" is not tied to a session. So a hacker only have to test now and then to see if the mfa is already done and can also log in.
The text was updated successfully, but these errors were encountered:
I'm using this plugin for years and it is working awesome but I was thinking how it works and think it has a big flaw. The 2factor "authStatus" is not tied to a session. So a hacker only have to test now and then to see if the mfa is already done and can also log in.
The text was updated successfully, but these errors were encountered: