No admin audit entry for enabling/disabling 2FA
Low
Vulnerability Details
Related to https://hackerone.com/reports/1177353
When a user enables or disables 2FA there is no entry in the audit log.
## Impact
Especially for disabling it should probably be logged there. But account security related things should be in there.
Actions
View on HackerOneReport Stats
- Report ID: 1200989
- State: Closed
- Substate: informative
- Upvotes: 3