Fixed User's IP is not recorded after password authentication, but before 2FA completes

X

Xon

Well-known member
Affected version
2.1.7
If a user has 2FA enabled, the IP is only recorded after 2FA completes and not after the username/passwords has been entered.

This makes detecting from log when a user's password is compromised but 2FA prevents the login very hard.

Finally, as these are separate requests; it could be over multiple/seperate IPs.
 
Thank you for reporting this issue, it has now been resolved. We are aiming to include any changes that have been made in a future XF release (2.1.10).

Change log:
Log IP when TFA check is triggered
Click to expand...
There may be a delay before changes are rolled out to the XenForo Community.
 
Top Bottom