Feature Requests
Share ideas, discuss and vote on requests from other users in community
 

Avoid prefill of 2FA form token

Roberto Alvarado shared this idea 1 year ago
Under Consideration

Hi,

If your using the 2FA addon in your whmcs (including in whmcs.com), you can see the 2FA token/code can be remembered or autofilled by your browser, there is not reason to remember a expired token and may be a security problem.

When you check the login.tpl the html form of the 2FA is on a variable "{$challengeHtml}", so you cant modify the form to add, for example, autocomplete="off" to it.

  1. <div class="text-center" align="center">

    {$challengeHtml}

    </div>

Please, add the autocomplete="off" or what need it to avoid the autofill of the token.

Thanks

Regards