Problem: we mask the user's 2FA email address in login so that a potential attacker wouldn't know to which email the code was sent in the case of logging in with stolen credentials. This is nullified however by the fact that the masking is done client side. The attacker can easily get the information from the DevTools. As such, this is a minor security issue.
Description
Problem: we mask the user's 2FA email address in login so that a potential attacker wouldn't know to which email the code was sent in the case of logging in with stolen credentials. This is nullified however by the fact that the masking is done client side. The attacker can easily get the information from the DevTools. As such, this is a minor security issue.