Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Security: Using Google Charts for the 2-Factor-Auth QR-Code is insecure #1044

Closed
allo- opened this issue May 24, 2016 · 1 comment
Closed

Comments

@allo-
Copy link

allo- commented May 24, 2016

The 2FA-QR-Code is displayed using the google chars api, while transmitting username, Webmail Name and the 2FA-secret in the same url.

This is all information needed to degrate the security from 2FA to the security of a normal password authentication.

@RainLoop
Copy link
Owner

RainLoop commented Jun 4, 2016

Fixed in the last version.

@RainLoop RainLoop closed this as completed Jun 4, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants