If I have a link to an external site on my login form, a user could potentially click on it, hence sending
the referrer URL /mysite.com/resetPassword/token23097xcas01 in the referrer header.
Possible misuse of the password reset token if not used by the user before clicking on the external link.
Options:
1: Do not link to external sites, or
2: Expire on click of link (probably only implementable at Meteor dev level?)
3 (Implementable here): Store token in Session and forward directly to mysite.com/resetpassword
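
Option 3 from the issue above, sketched as an added example; it is not part of the original issue and not the package's own code. It assumes a route of the form `/resetPassword/<token>`, and the function names and storage key are hypothetical.

```javascript
// Added example: take the reset token out of the address bar before any
// outbound link can be clicked, so a later Referer carries no token.
const RESET_ROUTE = /^\/resetPassword\/([^\/?#]+)\/?$/i; // assumed route shape
const STORAGE_KEY = 'pendingResetToken';                 // hypothetical key name

// Pure helper: returns { token, cleanUrl }, or null if href is not a reset link.
function splitResetUrl(href) {
  const url = new URL(href);
  const match = RESET_ROUTE.exec(url.pathname);
  if (!match) return null;
  url.pathname = '/resetPassword'; // token-free landing URL
  url.hash = '';
  return { token: decodeURIComponent(match[1]), cleanUrl: url.href };
}

// Moves the token into `store` (sessionStorage here; a Meteor Session wrapper
// with the same three methods would also fit) and rewrites the visible URL
// with history.replaceState, which does not trigger a reload.
function stashResetToken(loc, hist, store) {
  const parts = splitResetUrl(loc.href);
  if (!parts) return false;
  store.setItem(STORAGE_KEY, parts.token);
  hist.replaceState(null, '', parts.cleanUrl);
  return true;
}

// One-shot read: the token leaves the store as soon as the reset form takes it.
function takeResetToken(store) {
  const token = store.getItem(STORAGE_KEY);
  store.removeItem(STORAGE_KEY);
  return token;
}

// Browser wiring: run as early as possible on page load, before rendering links.
if (typeof window !== 'undefined') {
  stashResetToken(window.location, window.history, window.sessionStorage);
}
```

The token still needs to be single-use and short-lived on the server; this only keeps it out of the URL that the browser reports as referrer.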