
Account Token

Open dstoffel opened this issue 10 years ago • 0 comments

Token: change email/reset password

These tokens should not be constructed with a JSON Web Signature because it is vulnerable to an offline brute-force attack and it provides the ability to take over any account.

These tokens must be generated randomly, saved into users db and cleared once the new password/email was confirmed.

dstoffel, Dec 11 '14 15:12