Closed
Bug 1049004
Opened 10 years ago
Closed 10 years ago
[spartacus] trigger provider logout after PIN reset
Categories
(Marketplace Graveyard :: Payments/Refunds, defect, P3)
Tracking
(Not tracked)
RESOLVED
FIXED
2014-12-02
People
(Reporter: kumar, Assigned: scolville)
Just to be paranoid, it would be a good defense-in-depth measure to always log the user out of Bango (and other providers) after a PIN reset. This means that if our PIN reset flow was ever compromised (see bug 1048976!) then at least the attacker wouldn't gain access to saved credit cards so easily.
Logging the user out of Bango like this shouldn't pose too much of a usability problem since the user had already gone through a PIN reset anyway. They are already in the sad path of re-entering credentials.
FYI, the reset PIN flow was affected by bug 1042381.
Updated•10 years ago
Priority: -- → P3
Comment 1•10 years ago
Is this required? We can't be adding more to the single-page app at this stage.
Following our Vidyo conversation, this can be looked at post-release.
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Target Milestone: --- → 2014-12-02