This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
cross-site ?from can be used for phishing
Using cross-site ?from, the user can be presented with a fake "auth failed" page, which will trick them into logging in again. Since they are now on a different site, the site can capture their user, password, and current token in order to steal their access to the real site.
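
A server-side check of the kind this message calls for, as an added example (not code from this commit or its project): it accepts a `from` value only when it is an absolute path on the current site and falls back to a default otherwise. The function name `safe_from_target`, the fallback `/`, and the sample inputs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit, unquote

DEFAULT_TARGET = "/"  # assumed fallback landing page, not taken from the project


def safe_from_target(raw, default=DEFAULT_TARGET):
    """Return raw if it is a same-site absolute path, otherwise default."""
    if not raw or not isinstance(raw, str):
        return default
    # Browsers strip tabs/newlines inside URLs, so "/\t/host" can become "//host".
    if any(ord(c) < 0x21 or ord(c) == 0x7F for c in raw):
        return default
    # Browsers treat "\" like "/" in http(s) URLs, so "/\host" behaves like "//host".
    if "\\" in raw:
        return default
    # Only absolute paths on this site; "//host/..." is scheme-relative (cross-site).
    if not raw.startswith("/") or raw.startswith("//"):
        return default
    parts = urlsplit(raw)
    if parts.scheme or parts.netloc:
        return default
    # Reject encoded slashes/backslashes in case a later layer decodes once more.
    decoded = unquote(parts.path)
    if decoded.startswith("//") or "\\" in decoded:
        return default
    return raw


def demo():
    """Run the check over constructed sample values of the ?from parameter."""
    samples = [
        "/dashboard?tab=1",            # same-site path: kept
        "https://evil.example/login",  # absolute cross-site URL
        "//evil.example/login",        # scheme-relative URL
        "/\\evil.example/login",       # backslash variant
        "/\t/evil.example/login",      # control character variant
        "/%2Fevil.example/login",      # encoded slash
        "javascript:alert(1)",         # non-http scheme
    ]
    return {s: safe_from_target(s) for s in samples}


if __name__ == "__main__":
    for value, target in demo().items():
        print(repr(value), "->", target)
```

The check belongs wherever the post-login redirect is issued, so that a rejected value never reaches a `Location` header or a link on the "auth failed" page.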