Gandi is a French domain name registrar I use for all my domains, which also supports the volunteers behind some FLOSS projects. On Tuesday 27 september 2016 I found a flaw in their login form which allowed to completly bypass two factor authentication (2FA), after you inserted the right handle and password.
