When Multi-Factor Authentication (MFA) is enabled, users are required to provide a 6-digit code to access Roubler. However, a potential security vulnerability exists where multiple MFA codes can be requested within a short time frame, and all of them remain valid for authentication.
To mitigate the risk of token guessing attacks, it is crucial that only one MFA code remains valid at any given time. To address this, we have improved our system to ensure that only the most recent MFA code is considered valid for accessing Roubler.
Previous MFA codes should automatically become invalid and should not grant access to the system.
By implementing this security measure, the risk of unauthorized access to Roubler through compromised or leaked MFA codes will be significantly reduced, enhancing the overall security of the platform.