Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Security: Using Google Charts for the 2-Factor-Auth QR-Code is insecure #1044

Closed
allo- opened this issue May 24, 2016 · 1 comment
Closed

Security: Using Google Charts for the 2-Factor-Auth QR-Code is insecure #1044

allo- opened this issue May 24, 2016 · 1 comment

Comments

@allo-
Copy link

@allo- allo- commented May 24, 2016

The 2FA-QR-Code is displayed using the google chars api, while transmitting username, Webmail Name and the 2FA-secret in the same url.

This is all information needed to degrate the security from 2FA to the security of a normal password authentication.

RainLoop added a commit that referenced this issue May 26, 2016
@RainLoop
Copy link
Owner

@RainLoop RainLoop commented Jun 4, 2016

Fixed in the last version.

@RainLoop RainLoop closed this Jun 4, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
2 participants