Sign up to save your podcasts
Or
Share Episode 173 - Enumeration Attacks!
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Episode 173 - Enumeration Attacks!
Yet ANOTHER episode of Absolute AppSec with Seth and Ken! User enumeration vulnerabilities are the order of the day. Seth digs in on an interesting #talesfromconsulting where security questions, and the different way they appeared for real users and invalid users, revealed valid user accounts on an application. Further enumeration flaws using WAF bypasses in production systems. A story from Ken on a case where an application only checked that password-reset token was valid, but not tied to an account, allowing for unauthorized password reset of _any_ user account.
View all episodes
By Ken Johnson and Seth Law
4.9
1717 ratings
Yet ANOTHER episode of Absolute AppSec with Seth and Ken! User enumeration vulnerabilities are the order of the day. Seth digs in on an interesting #talesfromconsulting where security questions, and the different way they appeared for real users and invalid users, revealed valid user accounts on an application. Further enumeration flaws using WAF bypasses in production systems. A story from Ken on a case where an application only checked that password-reset token was valid, but not tied to an account, allowing for unauthorized password reset of _any_ user account.
More shows like Absolute AppSec
View all
Stuff You Should Know
78,688 Listeners
Planet Money
30,609 Listeners
Risky Business
371 Listeners
Darknet Diaries
8,077 Listeners
Application Security Weekly (Audio)
13 Listeners