Interesting Hack – class-two-factor-core.php | WordPress.org

Resolved Jacob Hill
(@tekfused)

6 years ago

Hello,

I have a few sites that are reporting that the following file has been modified: class-two-factor-core.php

The only change was removing this line on line 705:

do_action( ‘two_factor_user_authenticated’, $user );

What affect would that have on the plugin? Perhaps this would allow bypassing the two factor requirement?

Thank you!

Jacob Hill

Viewing 1 replies (of 1 total)

Plugin Author Kaspars
(@kasparsd)

6 years ago

Hi! This hook was added in one of the recent releases and it can’t be used for anything apart from detecting when a user is logged-in after the second-factor authentications.

https://github.com/WordPress/two-factor/pull/324/files

Viewing 1 replies (of 1 total)

The topic ‘Interesting Hack – class-two-factor-core.php’ is closed to new replies.

1 reply
2 participants
Last reply from: Kaspars
Last activity: 6 years ago
Status: resolved