[RSS Feed/News] E-Mail TFA leaks email address

Status
Not open for further replies.

XenForo

Administrative
  • Thread starter
  • Admin
  • #1
This is most likely "Working as designed" but in the case the design is questionable ;)

TFA is meant to protect the account (and sensitive data within it), but unfortunately emai TFA displays the following message when triggered:
An email has been sent to <b>{email}</b> with a single-use code. Please enter that code to continue.
Click to expand...

In case of an unauthorized access to the account (by an attacker that only has username and password) this leaks the users email address - effectively...

Read more

ادامه مطلب...
 
Status
Not open for further replies.
Back
Top Bottom