Open ana0 opened 5 years ago
For 2.5 minutes a man-in-the-middle could overtake a user's account with the same signed message they used to recover it. We should either blacklist timestamps that have been used already, or block account recoveries for more than 2.5 minutes.