by HoyaSaxa
3529 days ago
Just to illustrate a potential scenario: You use a piece of open source software that has a JavaScript file which the author has hosted on a CDN. In order to mitigate an attack where someone changes the content of the JavaScript file, you use a hash[1] to ensure the file does not change. You think you are safe, but a malicious actor gets access to the CDN and, instead of changing the file, builds a quick script that looks for password reset referrer patterns and races the human to reset the password first. A computer is probably going to win that game the majority of the time.

[1] https://github.com/twitter/secureheaders#hash
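The scenario above hinges on the password reset token reaching the CDN host in the Referer header when the reset page loads the third-party script; the SRI hash only guarantees the script's content, not what the browser tells the CDN. The following Python is an added example, not code from the comment or from secureheaders: it models the W3C Referrer Policy rules for a cross-origin subresource request (simplified: fragment and credentials are stripped, HTTPS-to-HTTP counts as a downgrade) and checks whether a token in the page's query string would be visible to the CDN under each policy. The page URL, CDN URL and token value are constructed for the example.

```python
from urllib.parse import parse_qs, urlsplit, urlunsplit

POLICIES = (
    "no-referrer",
    "no-referrer-when-downgrade",
    "same-origin",
    "origin",
    "strict-origin",
    "origin-when-cross-origin",
    "strict-origin-when-cross-origin",  # current browser default
    "unsafe-url",
)


def _host(url):
    # hostname[:port], with any userinfo (user:pass@) dropped
    p = urlsplit(url)
    host = p.hostname or ""
    if p.port:
        host += f":{p.port}"
    return host


def _origin(url):
    return f"{urlsplit(url).scheme}://{_host(url)}"


def _full(url):
    # A full Referer never carries the fragment or credentials
    p = urlsplit(url)
    return urlunsplit((p.scheme, _host(url), p.path, p.query, ""))


def referer_for(page_url, request_url, policy="strict-origin-when-cross-origin"):
    """Referer value a browser sends for a subresource request from page_url
    to request_url under the given Referrer-Policy, or None if none is sent."""
    same_origin = _origin(page_url) == _origin(request_url)
    downgrade = (urlsplit(page_url).scheme == "https"
                 and urlsplit(request_url).scheme == "http")
    origin_only = _origin(page_url) + "/"
    if policy == "no-referrer":
        return None
    if policy == "unsafe-url":
        return _full(page_url)
    if policy == "no-referrer-when-downgrade":
        return None if downgrade else _full(page_url)
    if policy == "same-origin":
        return _full(page_url) if same_origin else None
    if policy == "origin":
        return origin_only
    if policy == "strict-origin":
        return None if downgrade else origin_only
    if policy == "origin-when-cross-origin":
        return _full(page_url) if same_origin else origin_only
    if policy == "strict-origin-when-cross-origin":
        if same_origin:
            return _full(page_url)
        return None if downgrade else origin_only
    raise ValueError(f"unknown referrer policy {policy!r}")


def token_leaks(page_url, request_url, policy, token_param="token"):
    """True if the secret in page_url's query string reaches request_url's host."""
    ref = referer_for(page_url, request_url, policy)
    if ref is None:
        return False
    token = parse_qs(urlsplit(page_url).query).get(token_param, [None])[0]
    return bool(token) and token in ref


def audit(page_url, request_url, token_param="token"):
    """Map each policy to whether the reset token would leak to request_url."""
    return {p: token_leaks(page_url, request_url, p, token_param) for p in POLICIES}


# Constructed sample: a reset page carrying its token in the query string
# and loading a script from a third-party CDN over HTTPS.
RESET_PAGE = "https://app.example.com/reset?token=CONSTRUCTED-TOKEN-123#top"
CDN_SCRIPT = "https://cdn.example.net/lib/widget.js"

if __name__ == "__main__":
    for policy, leaks in audit(RESET_PAGE, CDN_SCRIPT).items():
        print(f"{policy:32} leaks={leaks!s:5} referer={referer_for(RESET_PAGE, CDN_SCRIPT, policy)}")
```

The cheapest defences the audit makes visible are sending `Referrer-Policy: no-referrer` (or at least the default `strict-origin-when-cross-origin`) on the reset page, and not rendering third-party scripts at all on a page whose URL carries a secret; the SRI hash stays useful for its own purpose, content integrity, but does nothing for this leak.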