this post was submitted on 26 May 2025
567 points (96.4% liked)

Cybersecurity - Memes

[–] [email protected] 2 points 2 weeks ago
  1. Acquire password database (it's properly hashed and salted)
  2. Create an account and access the password reset form
  3. Dig into the front-end code to find whatever is doing the hash calculations
  4. Brute-force a list of common passwords and look for matches

It would still take significant time, but it's still a vulnerability, especially as technology evolves. You're right that best practices are different for a reset form, but there are some things that are common (like don't do hashes in the front end).