biotorrents / gazelle

BioTorrents.de’s version of Gazelle
https://torrents.bio
ISC License

Login bug: 2FA is bypassed if the form field is empty #93

Closed pjc09h closed 1 year ago

pjc09h commented 1 year ago

Just noticed this. The check for a valid 2FA code needs to include the existence of such a code in the database, rather than a check for whether the actual form field has a value. So if they have 2FA set up and don't enter a code, the login method should throw ASAP.

pjc09h commented 1 year ago

Should be mitigated in this commit; need to check the database before deploying: https://github.com/biotorrents/gazelle/commit/8c7a0de69291623ce73f3cce21aaa1ad3f1edc14
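The logic bug described in the first comment and the shape of the fix in the second, as an added Python example that is not code from the Gazelle (PHP) codebase or from the linked commit. The `User` record, the TOTP helper and the two login functions are hypothetical; the point is that enrolment state stored server-side, not the presence of a form value, must decide whether a 2FA code is required.

```python
"""Models the 2FA-bypass pattern: verifying the code only when the form
field is non-empty lets an enrolled user skip 2FA by leaving it blank."""
import hashlib
import hmac
import struct
import time
from dataclasses import dataclass
from typing import Optional


@dataclass
class User:                      # hypothetical user record
    name: str
    password: str                # plaintext only to keep the example short
    totp_secret: Optional[bytes]  # None means 2FA is not enrolled


def totp(secret: bytes, now: Optional[int] = None,
         step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for the given Unix time."""
    counter = int(now if now is not None else time.time()) // step
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def login_vulnerable(user: User, password: str, code: str, now: int) -> bool:
    """Bug: the code is checked only when the field has a value, so an
    enrolled user submitting an empty field is logged in on password alone."""
    if not hmac.compare_digest(user.password.encode(), password.encode()):
        return False
    if code:                     # empty field -> branch skipped -> success
        return hmac.compare_digest(totp(user.totp_secret or b"", now), code)
    return True


def login_fixed(user: User, password: str, code: str, now: int) -> bool:
    """Fix: the stored enrolment decides whether a code is required, and an
    enrolled user with an empty field is rejected before anything else."""
    if not hmac.compare_digest(user.password.encode(), password.encode()):
        return False
    if user.totp_secret is None:
        return True              # not enrolled: password alone is the policy
    if not code:
        return False             # enrolled but no code submitted: reject now
    return hmac.compare_digest(totp(user.totp_secret, now), code)
```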