New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Security: Using Google Charts for the 2-Factor-Auth QR-Code is insecure #1044

Closed
allo- opened this Issue May 24, 2016 · 1 comment

Comments

2 participants
@allo-

allo- commented May 24, 2016

The 2FA-QR-Code is displayed using the google chars api, while transmitting username, Webmail Name and the 2FA-secret in the same url.

This is all information needed to degrate the security from 2FA to the security of a normal password authentication.

RainLoop added a commit that referenced this issue May 26, 2016

@RainLoop

This comment has been minimized.

Owner

RainLoop commented Jun 4, 2016

Fixed in the last version.

@RainLoop RainLoop closed this Jun 4, 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment