Closed jwag956 closed 5 months ago
Two-factor setup has 2 modes - initial setup prior to a user even signing in for the first time - and a more normal change two-factor workflow. It isn't clear that in the second case - CSRF is properly checked.
Two-factor setup has 2 modes - initial setup prior to a user even signing in for the first time - and a more normal change two-factor workflow. It isn't clear that in the second case - CSRF is properly checked.