Security: magic links are insecure and should instead ask the user to type a code sent by mail #38

New Issue

Open

opened 2021-06-02 16:42:35 +02:00 by ashpie · 0 comments

ashpie commented 2021-06-02 16:42:35 +02:00

Owner

Copy Link

Magic links currently is subject to involuntary login in attackers.

1. Attacker request login
2. User accidentaly clicks on the link
3. Attacker is logged in as the user

Magic links currently is subject to involuntary login in attackers. 1. Attacker request login 2. User accidentaly clicks on the link 3. Attacker is logged in as the user

ashpie added this to the v0.24.0 milestone 2021-06-02 16:42:35 +02:00

ashpie added the

feature/enhancement

label 2021-06-02 16:42:35 +02:00

ashpie self-assigned this 2021-06-02 16:42:35 +02:00

ashpie modified the milestone from v0.24.0 to v0.26.0 2021-11-09 19:40:00 +01:00

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

develop

main

svelte

extendable

code-cleanup

swaf-creation

v0.25.1

v0.25.0

v0.24.10

v0.24.9

v0.24.8

v0.24.7

v0.24.6

v0.24.5

v0.24.4

v0.24.3

v0.24.1

v0.24.0

v0.23.10

v0.23.9

v0.23.8

v0.23.7

svelte-old

v0.23.6

v0.23.5

v0.23.4

v0.23.3

v0.23.2

v0.23.1

v0.23.0

v0.22.5

v0.22.4

v0.22.3

v0.22.2

v0.22.1

v0.22.0

v0.22.0-rc.24

v0.22.0-rc.23

v0.22.0-rc.22

v0.22.0-rc.21

v0.22.0-rc.20

v0.22.0-rc.19

v0.22.0-rc.18

v0.22.0-rc.17

v0.22.0-rc.16

v0.22.0-rc.15

v0.22.0-rc.14

v0.22.0-rc.13

v0.22.0-rc.12

v0.22.0-rc.11

v0.22.0-rc.10

v0.22.0-rc.9

v0.22.0-rc.8

v0.22.0-rc.7

v0.22.0-rc.6

v0.22.0-rc.5

v0.22.0-rc.4

v0.22.0-rc.3

v0.22.0-rc.2

v0.22.0-rc.1

v0.21.13-rc.3

v0.21.13-rc.2

v0.21.13-rc.1

v0.21.12

v0.21.11

v0.21.10

v0.21.10-rc.1

v0.21.9

v0.21.8

v0.21.7

v0.21.6

v0.21.5

v0.21.4

v0.21.3

v0.21.2

v0.21.1

v0.21.0

v0.21.0-rc.2

v0.21.0-rc.1

v0.20.6

v0.20.5

v0.20.5-rc.4

v0.20.5-rc.3

v0.20.5-rc.2

v0.20.5-rc.1

v0.20.4

v0.20.3

v0.20.2

v0.20.1

v0.20.0

v0.19.1

v0.19.0

v0.18.0

v0.17.2

v0.17.1

v0.17.0

v0.15.5

v0.14.0

v0.13.9

v0.1.1

Labels

Clear labels   

bug

Something is not working

  

duplicate

This issue or pull request already exists

  

feature/enhancement

New feature

  

help wanted

Need some help

  

invalid

Something is wrong

  

question

More information is needed

  

refactor

  

Tests

  

wontfix

This won't be fixed

No Label

bug

duplicate

feature/enhancement

help wanted

invalid

question

refactor

Tests

wontfix

Milestone

Clear milestone

No items

No Milestone

v0.26.0

Assignees

Clear assignees

No Assignees

ashpie

1 Participants

Notifications

Subscribe

Due Date

The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: ashpie/swaf#38

No description provided.