Disabling OTP causes login issue with theme login form

  • Resolved Xandro

    (@sudarshankotian)


    2 years, 2 months ago

    Hi, I tried to disable the OTP feature for theme default login form, and I was shocked to see it gives anyone to login even with any password input to someone else’s account. Trust me I tried this by myself.

    This is really dangerous; anyone could easily hack into admin account if one knows the username!!!

    So, temporarily now tried to enable OTP for theme default login form. Which is causing OTP issues with default form, I have mentioned in my earlier issue.

    Is there any work around this issue?

    I think for my case only having email verification is enough. All I want is to have verified email account in our site, don’t need OTP verification every time user wants to login, which might also be frustrating experience for many.

    But disabling the OTP is causing issue with default theme login form, even with registered user’s wrong password giving access to backend. i.e. using a username anybody could login directly, which is really dangerous for site owners.

    I hope you guys understand this and give some solution.

    Thank you.

    • This topic was modified 2 years, 2 months ago by Xandro.
Viewing 3 replies - 1 through 3 (of 3 total)
Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Disabling OTP causes login issue with theme login form’ is closed to new replies.