We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
It looks like there is no brute-force protection on the TOTP implementation, without which it is quite vulnerable (i.e. can be brute-forced within a few hours/days in a typical setup). See https://lukeplant.me.uk/blog/posts/6-digit-otp-for-two-factor-auth-is-brute-forceable-in-3-days/ for more info, and this commit for django-otp where I fixed the issue with exponential backoff throttling (it may have evoloved since then).
The text was updated successfully, but these errors were encountered:
No branches or pull requests
It looks like there is no brute-force protection on the TOTP implementation, without which it is quite vulnerable (i.e. can be brute-forced within a few hours/days in a typical setup). See https://lukeplant.me.uk/blog/posts/6-digit-otp-for-two-factor-auth-is-brute-forceable-in-3-days/ for more info, and this commit for django-otp where I fixed the issue with exponential backoff throttling (it may have evoloved since then).
The text was updated successfully, but these errors were encountered: