|
|
|
|
|
|
by hot_gril
1248 days ago
|
|
|
So the attacker gets access to the plaintext passwords but not the rest of the database or the ability to skip the 2FA server-side, and the site doesn't notice. Guess I can see that happening still, since the password DB is likely separate. |
|
|