[Koha-bugs] [Bug 28787] Send a notice with the TOTP token

bugzilla-daemon at bugs.koha-community.org
Wed May 25 13:20:27 CEST 2022


https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28787

--- Comment #9 from Marcel de Rooy <m.de.rooy at rijksmuseum.nl> ---
(In reply to David Cook from comment #5)

> This looks like a hack. We should pass the code in via a public
> method/function. That said, it looks like this OTP will wind up in the
> message_queue table?

How vulnerable is that? Surely, the token will be expired very quickly, but can
we get back to the originating secret? And that said, would an attack on the
email not have a higher chance of success?

https://security.stackexchange.com/questions/42671/is-oath-totp-and-or-google-authenticator-vulnerable-if-an-attacker-has-n-pre
