authboss v2.1.1 Release Notes
Release Date: 2018-12-10
Security
- Fix a bug in the 2FA code where a client that failed to log in to a user account still got SessionTOTPPendingPID set to that user's pid. The verify() method in the totp/sms methods used that pending pid for its lookup before it looked at the current user, so, because of the lookup order, the logged-in user could remove 2FA from the other user's account.
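
The lookup order described above, as an added Go model that is not authboss's code. Only the `SessionTOTPPendingPID` key name comes from the release note; the `uid` key, the `session` type, the function names and the sample pids are assumptions, and the hardened ordering is one way to close the gap, not necessarily the project's actual patch.

```go
package main

import "fmt"

// Simplified model, not authboss code. "uid" is an assumed key name for
// the logged-in user; the pending key name is taken from the release note.
const (
	sessionCurrentUser = "uid"
	sessionPendingPID  = "SessionTOTPPendingPID"
)

type session map[string]string

// failedLogin models the first half of the bug: the pending pid is
// written to the session even though authentication failed.
func failedLogin(s session, pid string) { s[sessionPendingPID] = pid }

// vulnerableSubject picks the account a 2FA verify step acts on,
// consulting the pending pid before the authenticated user.
func vulnerableSubject(s session) (string, bool) {
	if pid, ok := s[sessionPendingPID]; ok {
		return pid, true
	}
	pid, ok := s[sessionCurrentUser]
	return pid, ok
}

// hardenedSubject consults the authenticated user first; the pending pid
// is only used when nobody is logged in (the mid-login 2FA step).
func hardenedSubject(s session) (string, bool) {
	if pid, ok := s[sessionCurrentUser]; ok {
		return pid, true
	}
	pid, ok := s[sessionPendingPID]
	return pid, ok
}

func main() {
	// Constructed session: user-b is logged in, then a login attempt
	// against user-a fails but still leaves user-a as the pending pid.
	s := session{sessionCurrentUser: "user-b@example.com"}
	failedLogin(s, "user-a@example.com")

	v, _ := vulnerableSubject(s)
	h, _ := hardenedSubject(s)
	fmt.Println("vulnerable order acts on:", v)
	fmt.Println("hardened order acts on:  ", h)
}
```

A regression test for this class of bug should assert that a failed login leaves the session's pending pid unset, in addition to checking the lookup order.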