Security flaw 2FA – Skipping Password validation
Hey everyone,
I stumbled over this weird problem. We use this plugin for different reasons and wanted to enable 2FA to make the website more secure.
This way a user has to log in with username and password and use an authenticator app in addition.
Here is the problem: whatever I type into the password field, I get redirected to the 2FA page and successfully log in without ever having to put in the normal account password.
This is a major security risk since people no longer need the password.
I tested this on another website too just to check if custom code is in conflict but got the same effect.
Am I missing something here or does this just skip the password validation?
- The topic ‘Security flaw 2FA – Skipping Password validation’ is closed to new replies.