Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix: Sanitise 2FA response #11262

Merged
merged 2 commits into from Aug 24, 2020

Conversation

saurabh6790
Copy link
Member

@saurabh6790 saurabh6790 commented Aug 13, 2020

Description:

In frappe/frappe/twofactor.py in Frappe 12,

In two-factor authentication, the system also sending 2fa secret key in response, which enables an intruder to breach the 2fa security.

ISS-20-21-03714

@saurabh6790 saurabh6790 changed the title Fix: sanitise response for 2fa fix: sanitise response for 2fa Aug 13, 2020
@barredterra
Copy link
Collaborator

Could you please provide a description what is the current behaviour, why this needs to be changed and what will be the new behaviour?

@stale
Copy link

stale bot commented Aug 24, 2020

This pull request has been automatically marked as stale because it has not had recent activity. It will be closed within 3 days if no further activity occurs, but it only takes a comment to keep a contribution alive :) Also, even if it is closed, you can always reopen the PR when you're ready. Thank you for contributing.

@stale stale bot added the inactive label Aug 24, 2020
@surajshetty3416 surajshetty3416 added the add-description Details or Reason for the change. Also add screenshots and animated GIF if applicable label Aug 24, 2020
@stale stale bot removed the inactive label Aug 24, 2020
@surajshetty3416 surajshetty3416 self-assigned this Aug 24, 2020
@surajshetty3416 surajshetty3416 removed the add-description Details or Reason for the change. Also add screenshots and animated GIF if applicable label Aug 24, 2020
@surajshetty3416 surajshetty3416 changed the title fix: sanitise response for 2fa fix: Sanitise 2FA response Aug 24, 2020
@mergify mergify bot merged commit 2576431 into frappe:version-12-hotfix Aug 24, 2020
3 checks passed
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Dec 16, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

3 participants