Legal Robot: 2FA manual entry uses wrong encoding

2017-08-15T20:27:32
ID H1:260491
Type hackerone
Reporter goodhackonly
Modified 2017-09-14T23:05:02

Description

A security researcher discovered that, following another change (from report #259415), we used the wrong encoding for the manually entered secret. No sensitive data was exposed and there was no security risk, but users were unable to manually register a new TOTP device for about 12 hours.
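A regression check for this class of bug, added here as an example and not Legal Robot's code: it confirms that the string shown for manual entry decodes, as Base32 (the encoding authenticator apps expect for typed secrets), to the same key the server stores and the QR code carries. The report does not say which encoding was used, so hex is an assumed stand-in; the key, URI and function names are constructed.

```python
import base64
import hashlib
import hmac
import struct
from urllib.parse import parse_qs, urlparse


def totp(key: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1), as an authenticator app computes it."""
    mac = hmac.new(key, struct.pack(">Q", unix_time // step), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def decode_manual_entry(text: str) -> bytes:
    """Decode typed input as Base32, tolerating spaces, case and missing padding."""
    cleaned = text.replace(" ", "").upper().rstrip("=")
    cleaned += "=" * (-len(cleaned) % 8)
    return base64.b32decode(cleaned)  # raises a ValueError subclass on bad input


def manual_entry_matches(server_key: bytes, otpauth_uri: str, manual_text: str) -> bool:
    """True only if the QR secret and the manual string both decode to server_key."""
    qr_secret = parse_qs(urlparse(otpauth_uri).query)["secret"][0]
    try:
        return (decode_manual_entry(qr_secret) == server_key
                and decode_manual_entry(manual_text) == server_key)
    except ValueError:
        return False


# Constructed sample data (RFC 6238 test key), not values from the report.
SERVER_KEY = b"12345678901234567890"
B32 = base64.b32encode(SERVER_KEY).decode()
URI = f"otpauth://totp/Example:alice?secret={B32}&issuer=Example"
GOOD_MANUAL = " ".join(B32[i:i + 4] for i in range(0, len(B32), 4)).lower()
BAD_MANUAL = SERVER_KEY.hex()  # assumed wrong encoding: hex instead of Base32

if __name__ == "__main__":
    print("base32 manual entry ok:", manual_entry_matches(SERVER_KEY, URI, GOOD_MANUAL))
    print("hex manual entry ok:   ", manual_entry_matches(SERVER_KEY, URI, BAD_MANUAL))
    print("device code == server code:",
          totp(decode_manual_entry(GOOD_MANUAL), 59) == totp(SERVER_KEY, 59))
```

Run against the enrollment page's rendered output in CI, a check like this fails as soon as the QR path and the manual-entry path stop agreeing on the key.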