WordPress.org

Making WordPress.org

Opened 3 years ago

Closed 3 years ago

Last modified 3 years ago

#3498 closed defect (duplicate)

Two-Factor authorization to SVN

Reported by: tazotodua Owned by:
Milestone: Priority: normal
Component: Login & Authentication Keywords:
Cc:

Description

Hi.
I think it's a kinda of security vulnerability, that WP.org doesnt use 2-factor authorization - while we login here, on wp.org, or while authenticating in SVN (like TortoiseSVN or etc.. when submiting plugin or theme).

So, if someone know plain text password, he can cause quite unexpected problems.
It mostly concerns to SNV access for plugins/users, that have thousands of customers.

Yes, there is email notificaiton when change happens on SVN, but it'll be good there was 2 factor auth while trying to login to SVN.

Change History (2)

#1 @ocean90
3 years ago

  • Resolution set to duplicate
  • Status changed from new to closed

Duplicate of #77.

#2 @SergeyBiryukov
3 years ago

  • Component changed from General to Login & Authentication
Note: See TracTickets for help on using tickets.