Codes can be re-used
Created by: hannesbochmann
Every code can be re-used at least for a short time. This opens a security hole as an attacker might record the submitted data as man in the middle and re-use the code. If every successful code would be blacklisted per user, this would not be possible except the attacker has access to the device with the authenticator app.
Maybe I can provide a patch if you think this is a problem, too.