The Clock Doesn't Lie: Timing Attacks in Authentication Flows
A timing side-channel in JSONAuth allows unauthenticated attackers to enumerate valid usernames based on response time differences.
TAG ARCHIVE
#appsec
7 posts across research, tutorials, and notes.
Session Tokens and Password Changes: A Reauthentication Gap in Filebrowser Quantum
Analysis of a password change flow that accepts a valid session token without requiring current-password reauthentication.
Patch Analysis: When a Fix Doesn’t Go Far Enough
An analysis of an incomplete remediation in FileBrowser Quantum where tokenized download URLs remained exposed, resulting in an authentication bypass despite a prior security fix.
Cache Key Mismatch Observation in Reverse Proxy Rules
Quick note documenting a cache poisoning condition caused by query normalization mismatch between CDN and origin cache layers.
Authentication Bypass via Forwarded Header Trust
Investigation into an authentication bypass caused by trusting a forwarded identity header at the edge gateway.
Testing Password Reset Flows for Token Reuse and Host Poisoning
Step-by-step methodology for validating reset flow token handling, expiry controls, and host header trust boundaries.
Security Review Pattern for File Upload Endpoints
A practical review sequence for extension filtering, MIME validation, content sniffing, and asynchronous malware scanning.