11-06-2017, 01:12 PM
@SavageStyle,
I really appreciate the detailed response. I've never felt comfortable with the vericode system, but yeah, we missed an obvious check there. Thank you SO MUCH for the detailed post and and the solutions.
I'll issue a patch for 4.2 and 4.3.
One of the discussions we've been having with auto-banning is how to not allow the vericode system to be a source of DOSing the users of the system. In other words, if it only takes 3 guesses or something, I can get you blocked by requesting your password 3 times. Stuff like that. Again...thanks so much for the detailed post and we'll get this sorted this week.
I really appreciate the detailed response. I've never felt comfortable with the vericode system, but yeah, we missed an obvious check there. Thank you SO MUCH for the detailed post and and the solutions.
I'll issue a patch for 4.2 and 4.3.
One of the discussions we've been having with auto-banning is how to not allow the vericode system to be a source of DOSing the users of the system. In other words, if it only takes 3 guesses or something, I can get you blocked by requesting your password 3 times. Stuff like that. Again...thanks so much for the detailed post and we'll get this sorted this week.