https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28787

--- Comment #9 from Marcel de Rooy <[email protected]> ---
(In reply to David Cook from comment #5)

> This looks like a hack. We should pass the code in via a public
> method/function. That said, it looks like this OTP will wind up in the
> message_queue table?

How vulnerable is that? Surely, the token will be expired very quickly, but can
we get back to the originating secret? And that said, would an attack on the
email not have a higher chance of success?

https://security.stackexchange.com/questions/42671/is-oath-totp-and-or-google-authenticator-vulnerable-if-an-attacker-has-n-pre

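An added example, not part of the original comment and not Koha code: a minimal RFC 4226/6238 generator and verifier showing how a code is derived from the secret and when a copy stored in a queue table stops verifying. The 30-second step, 6 digits, the ±1 step window and the `(queued_at, code)` row shape are assumptions; the key is the published RFC 4226 test key.

```python
import hashlib
import hmac
import struct

STEP = 30    # seconds per time step (RFC 6238 default, assumed here)
DIGITS = 6   # code length (assumed)


def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226: HMAC-SHA1 over the counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # low nibble selects 4 of the 20 MAC bytes
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    # Only these few decimal digits of the keyed MAC are ever emitted.
    return str(value % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: int, digits: int = DIGITS) -> str:
    """RFC 6238: HOTP with the counter taken from the clock."""
    return hotp(secret, unix_time // STEP, digits)


def verify(secret: bytes, code: str, now: int, window: int = 1) -> bool:
    """Accept a code from the current step or `window` steps either side."""
    counter = now // STEP
    return any(
        hmac.compare_digest(hotp(secret, counter + d), code)
        for d in range(-window, window + 1)
        if counter + d >= 0
    )


def still_valid(rows, secret: bytes, now: int):
    """Return the stored (queued_at, code) rows a verifier would accept at `now`."""
    return [row for row in rows if verify(secret, row[1], now)]


# RFC 4226 published test key, not a real secret.
SECRET = b"12345678901234567890"
# Constructed rows standing in for codes left behind in a message queue.
QUEUE = [(59, totp(SECRET, 59)), (185, totp(SECRET, 185))]

if __name__ == "__main__":
    for now in (89, 209, 269):
        print(now, still_valid(QUEUE, SECRET, now))
```
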