View Issue Details

IDProjectCategoryView StatusLast Update
0005122SOGoWeb Preferencespublic2020-08-10 14:10
ReporterMAGIC Assigned To 
PrioritynormalSeveritymajorReproducibilityN/A
Status newResolutionopen 
PlatformLinuxOSDebianOS Version10
Product Versionnightly master 
Summary0005122: Two factor auth can be disabled without asking for password
Description

Hello,

The two factor auth can be disabled without asking for password which can be dangerous if there's a XSS present.
Also see following issues where we had the same-ish problems:
https://sogo.nu/bugs/view.php?id=4140
https://sogo.nu/bugs/view.php?id=3246

TagsNo tags attached.

Relationships

related to 0005121 new No backup codes/entering 2FA-code for enabling two factor auth 

Activities

dragoangel

dragoangel

2020-08-07 18:41

reporter   ~0014649

upvote

Issue History

Date Modified Username Field Change
2020-08-07 18:08 MAGIC New Issue
2020-08-07 18:41 dragoangel Note Added: 0014649
2020-08-10 14:10 Christian Mack Relationship added related to 0005121