Legal Robot: 2FA manual entry uses wrong encoding

ID H1:260491
Type hackerone
Reporter goodhackonly
Modified 2017-09-14T23:05:02


A security researcher discovered that following another change (from report #259415), we used the wrong encoding for the manually entered secret. No sensitive data was exposed and there was no security risk, but users were unable to manually register a new TOTP device for about 12 hours.
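The report does not say which encoding was used or which was expected. As an added example (not Legal Robot's code), the Python check below assumes the common authenticator-app convention that a typed secret is Base32, the same as the `secret` parameter of an otpauth:// URI, and verifies that the QR and manual-entry paths both decode to the server-side key; the function names, account name and sample key are constructed for illustration.

```python
import base64, hashlib, hmac, struct
from urllib.parse import parse_qs, quote, urlparse

def totp(key: bytes, t: int, digits: int = 6, step: int = 30) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) over the raw key bytes at Unix time t."""
    mac = hmac.new(key, struct.pack(">Q", t // step), hashlib.sha1).digest()
    off = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def app_decode(secret: str) -> bytes:
    """Decode a scanned or typed secret as Base32 (assumed app behaviour)."""
    s = secret.replace(" ", "").replace("-", "").upper()
    return base64.b32decode(s + "=" * (-len(s) % 8))

def qr_uri(key: bytes, account: str, issuer: str) -> str:
    """otpauth:// URI for the QR code; the secret is unpadded Base32."""
    b32 = base64.b32encode(key).decode().rstrip("=")
    return f"otpauth://totp/{quote(issuer)}:{quote(account)}?secret={b32}&issuer={quote(issuer)}"

def manual_entry(key: bytes) -> str:
    """Same Base32 secret, grouped in fours for typing."""
    b32 = base64.b32encode(key).decode().rstrip("=")
    return " ".join(b32[i:i + 4] for i in range(0, len(b32), 4))

def enrollment_consistent(key: bytes, uri: str, manual: str) -> bool:
    """True only if both enrollment paths decode to the server-side key."""
    qr_secret = parse_qs(urlparse(uri).query)["secret"][0]
    try:
        return app_decode(qr_secret) == key == app_decode(manual)
    except ValueError:  # binascii.Error (bad Base32) is a ValueError
        return False

if __name__ == "__main__":
    key = b"12345678901234567890"  # constructed sample: RFC 6238 test key
    uri = qr_uri(key, "alice@example.com", "ExampleApp")
    print(enrollment_consistent(key, uri, manual_entry(key)))  # correct encoding
    print(enrollment_consistent(key, uri, key.hex()))          # hex shown by mistake
```

Run as a regression test on the enrollment page, a check like this fails the build when the manually displayed string stops matching the QR secret, before users are unable to register a device.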