Hacker News
by gumby 1991 days ago
What's clever here is that it hijacks a full, legitimate login (including asking for the second factor, using proper IP addresses et al.) then gains the full access token.

Doesn't matter what security the user has added: if they are willing to type their credentials into a web view they lose their trust.