- Issue created by @cmlara
Currently in the code we have a number of areas that could 'fail open', these do not currently cause any exploitable security issues, however they ultimately pose a weakness in the design of TFA that we should harden to reduce risks in the future.
N/A
Convert code that can fail-open into fail-secure alternatives.
N/A
N/A
N/A
Active
2.0
Code
It makes Drupal less vulnerable to abuse or misuse. Note, this is the preferred tag, though the Security tag has a large body of issues tagged to it. Do NOT publicly disclose security vulnerabilities; contact the security team instead. Anyone (whether security team or not) can apply this tag to security improvements that do not directly present a vulnerability e.g. hardening an API to add filtering to reduce a common mistake in contributed modules.