[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[WEB SECURITY] Risk in Validating new password at client side

From: "Appsec Punter" <appsec.punter@xxxxxxxxx>
Subject: [WEB SECURITY] Risk in Validating new password at client side
Date: Mon, 6 Aug 2007 13:46:20 +0300

------=_Part_101360_731126.1186397180587
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

Hi List,
What could be the risk/problem if application validates the new password and
confirm new password (same or not) at the client side? Application doesn't
send the confirm password at all to the server. It sends only old n new
password.
I can only think of violating password policy.
Any other issues..

Thanx in advance.

------=_Part_101360_731126.1186397180587
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

Hi List,<br>What could be the risk/problem if application validates the new password and confirm new password (same or not) at the client side? Application doesn&#39;t send the confirm password at all to the server. It sends only old n new password. 
<br>I can only think of violating password policy. <br>Any other issues..<br><br>Thanx in advance.<br><br>

------=_Part_101360_731126.1186397180587--

Follow-Ups:
- RE: [WEB SECURITY] Risk in Validating new password at client side
  - From: White, Dain P
- Re: [WEB SECURITY] Risk in Validating new password at client side
  - From: Pranay Kanwar

Prev by Date: Re: [WEB SECURITY] List slowdown during blackhat
Next by Date: RE: [WEB SECURITY] Risk in Validating new password at client side
Previous by thread: Re: [WEB SECURITY] List slowdown during blackhat
Next by thread: RE: [WEB SECURITY] Risk in Validating new password at client side
Index(es):
- Date
- Thread

Brought to you by http://www.webappsec.org
Search this site