
  • $50 – $8,000 per vulnerability
  • Partial safe harbor

Multi-factor authentication on HotDoc Bookings is now available for testing!

HotDoc Bookings has just introduced multi-factor authentication (MFA) for all patient users. This security feature allows patients to set up MFA on their email and receive the one-time codes required to log in to HotDoc. We highly recommend you take a look at this additional attack surface – which hopefully means more vulnerabilities! Here is what’s new:

Multi-factor authentication for patients on HotDoc Bookings

What's this feature about?

Patients can now go to the Security tab on their HotDoc account settings page to set up a multi-factor authentication method and protect their account with an extra layer of protection! Our MFA solution asks for a Time-based One-time Password after the initial password is validated during the login process. There is currently one way for a patient to obtain the one-time code, which is via their email.

What happens if you set it up?

You will be asked to input a one-time password as the second step of authentication during the login process on HotDoc. Failing to provide the correct one-time password will stop you from being successfully authenticated.

How to enable the MFA?

  1. Log into the HotDoc Bookings website.
  2. Click on the top right account initials to access your settings and then click on the Security tab.
  3. Follow the instructions to finish the setup.

More can be found in "How do I manage Multi-Factor Authentication settings on my account?"

Have fun! As always, please see the program brief for the full details around testing. If you have any questions, please reach out to

Get out there and lay claim to those bugs!