|
|
|
|
|
|
by gerard
3899 days ago
|
|
|
Not mentioned in the paper's implications section, so I'll ask, is there also a significant "bootstrapping" class of attacks on services where special access is granted to the earliest created account? Eg. Wordpress-like systems without a hardcoded admin username, and an installation process that asks the 'first' client to set the administrator credentials. |
|
|