So, the HTTP access logs of a reverse proxy may expose these tokens in plain text. Tokens such as OAuth 2.0 authorization tokens and refresh tokens are especially vulnerable, since they may be passed around in HTTP query parameters. What if an attacker has taken a photo of your session cookies, such as the “JSESSIONID” of your company web server? He can then plant it on his own machine and act as you.

How to test Token Binding with Google Chrome

Do you know how vulnerable you can be when you leave your computer unlocked for five minutes? Apart from the pranks you may be subjected to, theft of user credentials and session hijacking are major issues.
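The access-log exposure mentioned earlier in this post can be detected and masked before logs are stored or shipped. The following is an added example, not code from the original post; the parameter names in `SENSITIVE`, the combined log format and the sample lines are assumptions constructed for illustration.

```python
import re

# Parameter names assumed to carry credentials: OAuth 2.0 parameters plus the
# servlet session id. Extend this tuple for your own applications.
SENSITIVE = ("access_token", "refresh_token", "id_token", "code", "jsessionid")

# Matches ?name=value, &name=value and the ;jsessionid=value path form anywhere
# in a log line, so both the request line and the Referer field are covered.
TOKEN_RE = re.compile(
    r'(?P<prefix>[?&;](?P<name>' + "|".join(SENSITIVE) + r')=)(?P<value>[^&;#\s"]+)',
    re.IGNORECASE,
)

def redact_line(line):
    """Mask credential values in one log line; return (safe_line, names_found)."""
    found = []
    def _mask(match):
        found.append(match.group("name").lower())
        return match.group("prefix") + "REDACTED"
    return TOKEN_RE.sub(_mask, line), found

def scan(lines):
    """Return (redacted_lines, findings); findings maps line number -> names."""
    redacted, findings = [], {}
    for number, line in enumerate(lines, 1):
        safe, found = redact_line(line)
        redacted.append(safe)
        if found:
            findings[number] = found
    return redacted, findings

# Constructed sample entries in combined log format (not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /callback?code=constructed-code-abc&state=xyz HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Oct/2023:13:55:37 +0000] "POST /api/profile?access_token=constructed-token-123 HTTP/1.1" 200 512 "-" "curl/8.0"',
    '203.0.113.9 - - [10/Oct/2023:13:56:02 +0000] "GET /app/home;jsessionid=0123456789ABCDEF HTTP/1.1" 200 1024 "https://app.example.test/home?refresh_token=constructed-refresh-456" "Mozilla/5.0"',
    '203.0.113.9 - - [10/Oct/2023:13:56:03 +0000] "GET /static/logo.png HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    safe_lines, hits = scan(SAMPLE_LOG)
    for number, names in hits.items():
        print(f"line {number}: credential parameters in URL: {', '.join(names)}")
    print("\n".join(safe_lines))
```

Any line reported by `scan` means a credential has already reached the log in plain text, so the token or session it names should be treated as exposed, not just masked going forward.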