25 May
2022
25 May
'22
12:20 p.m.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28787 --- Comment #9 from Marcel de Rooy <m.de.rooy@rijksmuseum.nl> --- (In reply to David Cook from comment #5)
This looks like a hack. We should pass the code in via a public method/function. That said, it looks like this OTP will wind up in the message_queue table?
How vulnerable is that? Surely, the token will be expired very quickly but can we get back to the originating secret? And that said, would an attack on the email not have a higher chance of success ? https://security.stackexchange.com/questions/42671/is-oath-totp-and-or-googl... -- You are receiving this mail because: You are watching all bug changes.