NetSPI/django.nV

OWASP #2 - Broken Auth and Session Management

nafod opened this issue · 1 comment

Could be in the form of poor password hashing, enumeration on a password recovery form, weak tokens for password recovery, etc.

HttpOnly AND Mass Assignment both exist. Tutorial documents mass assignment during the reg process. Might want to change this eventually, but okay for now.