Update Race Condition.md
parent 620205f186
commit 5cb2284819
@ -216,8 +216,12 @@ One such example is when high-resolution timestamps are used instead of cryptogr
|
|||||||
|
|
||||||
Consider a password reset token that is only randomized using a timestamp. In this case, it might be possible to trigger two password resets for two different users, which both use the same token. All you need to do is time the requests so that they generate the same timestamp.
|
Consider a password reset token that is only randomized using a timestamp. In this case, it might be possible to trigger two password resets for two different users, which both use the same token. All you need to do is time the requests so that they generate the same timestamp.
|
||||||
|
|
||||||
![info]
|
|
||||||
To confirm for example the previous situation you could just ask for 2 reset password tokens at the same time (using single packet attack) and check if they are the same.
|
|
||||||
|
> ⚠️ NOTE
|
||||||
|
>
|
||||||
|
> To confirm for example the previous situation you could just ask for 2 reset password tokens at the same time (using single packet attack) and check if they are the same.
|
||||||
|
|
||||||
|
|
||||||
## Hidden substates case studies
|
## Hidden substates case studies
|
||||||
### Confirm other emails
|
### Confirm other emails
|
||||||
|
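Review bot: The new callout is labelled `> ⚠️ NOTE`, but it replaces an `![info]` marker and its text is a verification tip rather than a warning, so an info-style label would match what it replaces and keep the page's callouts consistent. The sentence inside the callout is carried over unchanged and still reads awkwardly ("To confirm for example the previous situation you could just ask for 2 reset password tokens"); since the line is being rewritten anyway, consider "To confirm this, request two password reset tokens at the same time (using a single-packet attack) and check whether they are identical." The hunk header also shows the region growing from 8 to 12 lines although three callout lines replace two, so the remaining additions appear to be blank lines before `## Hidden substates case studies`; check that they are intended.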