HotDoc

There have been some recent updates to HotDoc Dashboard on the HotDoc program. We highly recommend you take a look at this additional attack surface – which hopefully means more vulnerabilities! Here is what’s new:

---

Multi-factor authentication for clinic users on HotDoc Dashboard

What's this feature about?

Clinic users can now go to the Accounts & Security page on on HotDoc Dashboard to set up their multi-factor authentication method to protect their account with an extra layer of protection! Our MFA solution is asking for a Time-based One-time Password after the initial password is validated during the login process. There are two ways for a clinic user to gain the one-time code: via an authenticator app or via their email.

What happens if you set it up?

You will be asked to input a one-time password as the second step of authentication during the login process on HotDoc Dashboard. Failing to provide the correct one-time password will stop you from being successfully authenticated.

How to enable the MFA?

1. Log into the HotDoc Dashboard.
2. Click on the top right dropdown list and click on Accounts & Security .
3. Choose where you would like the one-time password to be retrieved from and follow the instructions to finish the setup.

More to be found on How can I enable/disable multi-factor authentication for my account?

Have fun! As always, please see the program brief for the full details around testing. If you have any questions, please reach out to support@bugcrowd.com.

Get out there and lay claim to those bugs!