Skip to content

bug: Signup Bug #5

Closed
Closed
@pantharshit007

Description

@pantharshit007

if a user tries to sign on to your website once all the credentials are in system asks for otp. Still, when I try to re-signup it says my user name already exists which suggests that even before entering OTP it already recorded my info in DB which is a hug vulnerability.

Because of this, I could log in without using any otp recommend you fix this.

Sol: Save the db once otp is verified before that don't do that (I haven't looked at your code so I don't know how you have done the db modelling).

Metadata

Metadata

Assignees

Labels

bugSomething isn't working

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions