by msimpson
3530 days ago
The article is simply pointing out that services which record referrers can inadvertently store live password reset tokens if you're not careful. For instance, someone places Google Analytics in the head of the default layout for a given site. Now traffic to and from the password reset page, which uses that layout, is being recorded. This means an attacker would only need to gain access to that account, which is probably much less guarded, and gather referrers containing password reset tokens. From there they could quickly try the last few--which might still be active--and easily gain access to one or more accounts within the site.
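
A defensive check for the leak described in the comment above, added here as an example and not part of the original comment or the article it discusses: it redacts token-like values from URLs before they are stored and flags stored referrers that still carry one. The parameter names, the token pattern and the sample URLs are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Assumed query parameter names; adjust to the application's own reset URLs.
SENSITIVE_PARAMS = {"token", "reset_token", "reset_password_token", "key", "code"}
# Assumed token shape: one long opaque hex/base64url run. Long hyphenated slugs
# also match; over-redacting is the safe side for a scrubber.
TOKEN_LIKE = re.compile(r"^[A-Za-z0-9_-]{20,}$")


def scrub_url(url):
    """Return (clean_url, leaked): token-like values replaced by REDACTED."""
    parts = urlsplit(url)
    leaked = False
    segments = []
    for seg in parts.path.split("/"):
        if TOKEN_LIKE.match(seg):          # token embedded in the path
            seg, leaked = "REDACTED", True
        segments.append(seg)
    query = []
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        if key.lower() in SENSITIVE_PARAMS or TOKEN_LIKE.match(value):
            value, leaked = "REDACTED", True
        query.append((key, value))
    # The fragment is dropped: it is never needed in a stored referrer.
    clean = urlunsplit((parts.scheme, parts.netloc, "/".join(segments),
                        urlencode(query), ""))
    return clean, leaked


def audit_referrers(referrers):
    """Return indexes of already-stored referrers that still carry a token."""
    return [i for i, ref in enumerate(referrers) if scrub_url(ref)[1]]


# Constructed sample of URLs as an analytics or log store might hold them.
SAMPLE = [
    "https://example.test/account/reset?token=3f9c1e7a5b2d4c6e8f0a1b2c3d4e5f60",
    "https://example.test/reset/Zm9vYmFyYmF6cXV4MTIzNDU2Nzg5MA/confirm",
    "https://example.test/pricing?utm_source=newsletter",
]

if __name__ == "__main__":
    for ref in SAMPLE:
        print(scrub_url(ref))
    print("entries needing cleanup:", audit_referrers(SAMPLE))
```

Scrubbing only covers what your own code records; keeping third-party scripts off the reset page and serving it with `Referrer-Policy: no-referrer` stops the token from leaving in the first place.
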
So "that account" you mention, is it the Google Analytics account or the web application (leaking URLs) account? Why is it much less guarded?