[RSS Feed/News] Two-factor auth and logout behavior

Status
Not open for further replies.

XenForo

Administrative
  • Thread starter
  • Admin
  • #1
I've noticed that the two-factor implementation doesn't log out.

I believe that this could be considered a security flaw in the implementation, as after logging out the browser is still validated. If I had to log in on someone else's computer, logging out won't remove the two-factor access and it will log in right away without asking for the OTP.

When you put in a valid two-factor code, the browser stays validated for an entire month and it requires you to stop trusting the device. I believe that there should be...
