|
|
|
|
|
|
by withinboredom
1293 days ago
|
|
|
What's worse is if you can get rudimentary access to the target. If you can force a deauth (usually by just DOSing the domain), you can force them through the flow again. But as the domain is DOSed, you can do authentication at the same time from a non-DOSed route. Thus they authenticate the attacker instead of themselves. In my experience, tools don't see a difference between a 409/disconnect. They just see "error, need to reauth" (Docker, cough) |
|
|