Discourse before v2.4.0.beta2 lacks a confirmation screen when logging in via a user-api OTP.
Source: NIST
CVE-2019-1020017
Security in mind
Discourse before v2.4.0.beta2 lacks a confirmation screen when logging in via a user-api OTP.
Source: NIST
CVE-2019-1020017