Hacker News
by Rygian 1369 days ago
I have read the linked post too quickly before sending my initial comment. Indeed, a back-channel notification to the legitimate account owner is probably a good idea.

On the other hand, disclosing to the attacker that they got the password right is not acceptable.