WordPress.org

Making WordPress.org

Opened 14 months ago

Closed 14 months ago

Last modified 14 months ago

#3498 closed defect (duplicate)

Two-Factor authorization to SVN

Reported by: tazotodua Owned by:
Milestone: Priority: normal
Component: Login & Authentication Keywords:
Cc:

Description

Hi.
I think it's a kinda of security vulnerability, that WP.org doesnt use 2-factor authorization - while we login here, on wp.org, or while authenticating in SVN (like TortoiseSVN or etc.. when submiting plugin or theme).

So, if someone know plain text password, he can cause quite unexpected problems.
It mostly concerns to SNV access for plugins/users, that have thousands of customers.

Yes, there is email notificaiton when change happens on SVN, but it'll be good there was 2 factor auth while trying to login to SVN.

Change History (2)

#1 @ocean90
14 months ago

  • Resolution set to duplicate
  • Status changed from new to closed

Duplicate of #77.

#2 @SergeyBiryukov
14 months ago

  • Component changed from General to Login & Authentication
Note: See TracTickets for help on using tickets.