Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix: Sanitize 2FA response #11263

Merged
merged 2 commits into from Aug 24, 2020
Merged

Conversation

saurabh6790
Copy link
Member

@saurabh6790 saurabh6790 commented Aug 13, 2020

Description:

In frappe/frappe/twofactor.py in Frappe 13,

In two-factor authentication, the system also sending 2fa secret key in response, which enables an intruder to breach the 2fa security.

front port of #11262

ISS-20-21-03714

@saurabh6790 saurabh6790 requested a review from a team as a code owner August 13, 2020 12:07
@saurabh6790 saurabh6790 requested review from scmmishra and removed request for a team August 13, 2020 12:07
@stale
Copy link

stale bot commented Aug 23, 2020

This pull request has been automatically marked as stale because it has not had recent activity. It will be closed within 3 days if no further activity occurs, but it only takes a comment to keep a contribution alive :) Also, even if it is closed, you can always reopen the PR when you're ready. Thank you for contributing.

@stale stale bot added inactive and removed inactive labels Aug 23, 2020
@surajshetty3416 surajshetty3416 changed the title fix: sanitize 2fa response fix: Sanitize 2FA response Aug 24, 2020
@surajshetty3416 surajshetty3416 merged commit df7a575 into frappe:develop Aug 24, 2020
3 checks passed
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Dec 16, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

2 participants