Update Race Condition.md

Mehdi 2023-08-24 11:36:51 +03:30 committed by GitHub
parent 620205f186
commit 5cb2284819
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -216,8 +216,12 @@ One such example is when high-resolution timestamps are used instead of cryptogr
Consider a password reset token that is only randomized using a timestamp. In this case, it might be possible to trigger two password resets for two different users, which both use the same token. All you need to do is time the requests so that they generate the same timestamp. Consider a password reset token that is only randomized using a timestamp. In this case, it might be possible to trigger two password resets for two different users, which both use the same token. All you need to do is time the requests so that they generate the same timestamp.
![info]
To confirm for example the previous situation you could just ask for 2 reset password tokens at the same time (using single packet attack) and check if they are the same.
> ⚠️ NOTE
>
> To confirm for example the previous situation you could just ask for 2 reset password tokens at the same time (using single packet attack) and check if they are the same.
## Hidden substates case studies ## Hidden substates case studies
### Confirm other emails ### Confirm other emails