Last post Jul 16, 2018 01:15 AM by keatkeat
Jul 12, 2018 04:30 PM|keatkeat
I have a question. As far as I know, PhoneNumberTokenProvider implements TotpSecurityStampBasedTokenProvider,
a time-based one-time password, and it is used to confirm a phone number.
Is it possible to brute-force it?
Do we need to protect it, for example by keeping a count of failed attempts or something similar?
Jul 13, 2018 03:27 AM|Brando ZWZ
In my opinion, we should add a count of failed attempts to protect the phone number confirmation.
If you have enabled using the phone number to recover the account's password,
then a hacker could use brute-force attacks to recover the account's password and get the user information.
So I suggest you write the logic to check the failed count.
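One way to implement the failed-count check suggested above, as an added example that is not part of the original posts and not ASP.NET Core Identity's own code. It reuses the `UserManager<TUser>` lockout counter for phone confirmation; `PhoneConfirmationGuard` and `ConfirmResult` are hypothetical names, and it assumes lockout is enabled for the user and that `IdentityOptions.Lockout.MaxFailedAccessAttempts` and `DefaultLockoutTimeSpan` are configured. Sharing the counter with sign-in is a design choice: repeated bad codes will also lock the account for login.

```csharp
using System.Threading.Tasks;
using Microsoft.AspNetCore.Identity;

// Hypothetical result type for this example.
public enum ConfirmResult { Confirmed, InvalidCode, LockedOut, UpdateFailed }

// Hypothetical wrapper: limits how many phone confirmation codes can be tried.
public class PhoneConfirmationGuard<TUser> where TUser : class
{
    private readonly UserManager<TUser> _users;

    public PhoneConfirmationGuard(UserManager<TUser> users) => _users = users;

    public async Task<ConfirmResult> ConfirmAsync(TUser user, string phoneNumber, string code)
    {
        // While locked out, do not evaluate the code at all, so a caller
        // cannot keep testing guesses during the lockout window.
        if (await _users.IsLockedOutAsync(user))
            return ConfirmResult.LockedOut;

        // Check the TOTP code first so that only a wrong code, not a
        // store error, is counted as a failed attempt.
        bool valid = await _users.VerifyChangePhoneNumberTokenAsync(user, code, phoneNumber);
        if (!valid)
        {
            // Increments the failed count; once MaxFailedAccessAttempts is
            // reached Identity sets the lockout end date for the user.
            await _users.AccessFailedAsync(user);
            return await _users.IsLockedOutAsync(user)
                ? ConfirmResult.LockedOut
                : ConfirmResult.InvalidCode;
        }

        // Code is correct: store the number as confirmed and clear the counter.
        IdentityResult result = await _users.ChangePhoneNumberAsync(user, phoneNumber, code);
        if (!result.Succeeded)
            return ConfirmResult.UpdateFailed;

        await _users.ResetAccessFailedCountAsync(user);
        return ConfirmResult.Confirmed;
    }
}
```

The same wrapper shape applies to a phone-based password recovery flow, where the code is checked before the user is signed in.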
Jul 16, 2018 01:15 AM|keatkeat
I got it, thanks for the reply.