[Owasp-leaders] CSRF

Eoin eoin.keary at owasp.org
Tue May 28 22:26:37 UTC 2013


Ok nice Gunnar. I like it.


Eoin Keary
Owasp Global Board
+353 87 977 2988


On 28 May 2013, at 23:24, Gunnar Peterson <gunnar at arctecgroup.net> wrote:

> three things come to mind
> 
> 1. if you have a large enough pool of users and want to brute force
> 
> 2. or simply try and lock out a bunch of users, and force them to a weaker scheme (questions) that you can wedge into
> 
> 3. if the site caches creds somewhere and you can reinstantiate that way
> 
> -gunnar
> 
> 
> 
> On May 28, 2013, at 5:17 PM, Eoin wrote:
> 
>> Does CSRF ing a login page make sense to anyone :)
>> 
>> 
>> Eoin Keary
>> Owasp Global Board
>> +353 87 977 2988
>> 
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
> 


More information about the OWASP-Leaders mailing list