Dashboard Articles Playground Discussions More
Follow

"current password"

Vibhakar Solanki [gala]
7 years ago | edited 7 years ago

0

I was just changing my password
and i saw

Image

HT asks for New pass and repeat pass

Now some of u mignt think yeah,so what ???

well what if someone gets hold of your pass

he can then change the pass easily [though he will be a as*hole if he does that]

thats why i think that HT should have Three fields

[list]
[] current password
[]new password
[*]repeat password
[/list]

 

GitHub-p0lygun-white?style=for-the-badge&logo=github Discord-gala%234315-5865F2?style=for-the-badge&logo=discord

4replies
4voices
204views
1image
tehron
7 years ago

2

If someone has your password, he won’t dare to enter it as “current password”, right?

dimooz
7 years ago

0

Maybe HT should disconnect users when inactivity > 15 mn (in example), by the way you could almost be sure that nobody will use your profile (to change your pass) if you forgot to logout by yourself..?

 

Image

f0rk [HackingGuy]
7 years ago | edited 7 years ago

0

I think @gala was alluding to some form of bypassing authentication, rather than stealing credentials, such as cookie injection. But to be fair, just adding a ‘current password’ parameter would only aid security in a scenario of auth bypass, which is highly unlikely. We should develop a comprehensive system ( such as multi-factor auth? ) to change a password.

 

There’s no place like 127.0.0.1

Vibhakar Solanki [gala]
7 years ago

0

well said HackingGuy

 

GitHub-p0lygun-white?style=for-the-badge&logo=github Discord-gala%234315-5865F2?style=for-the-badge&logo=discord

Discussion thread has been locked. You can no longer add new posts.
1 of 5

This site only uses cookies that are essential for the functionality of this website. Cookies are not used for tracking or marketing purposes.

By using our site, you acknowledge that you have read and understand our Privacy Policy, and Terms of Service.

Dismiss