11-05-2017, 06:21 PM
Thank you for pointing out that the vericode is not checked...this definitely needs to be looked into.
We have discussed the vericode length in several discussions, and where we added IP banning in 4.3 beta (which has to be looked at to be sure the system is working), brute-force shouldn't be an issue, unless someone is using a rolling VPN and during that process is tracking the attempts made.
Vericodes were reviewed during 4.3 to be sure they were re-issued during actions like you mentioned above.
This being said, I think the only change required at this time is vericode checking during the update process, instead of just using the vericode to initiate a display form.
B.
We have discussed the vericode length in several discussions, and where we added IP banning in 4.3 beta (which has to be looked at to be sure the system is working), brute-force shouldn't be an issue, unless someone is using a rolling VPN and during that process is tracking the attempts made.
Vericodes were reviewed during 4.3 to be sure they were re-issued during actions like you mentioned above.
This being said, I think the only change required at this time is vericode checking during the update process, instead of just using the vericode to initiate a display form.
B.