by impostervt
3529 days ago
If your site uses a password reset token email as the article describes, and your Reset Password page loads 3rd party scripts or CSS, those 3rd parties (and any servers en route to them) may be able to see the password reset token as part of the HTTP Referer header.