The Clock Doesn't Lie: Timing Attacks in Authentication Flows
TAG ARCHIVE
3 posts across research, tutorials, and notes.
A timing side-channel in JSONAuth allows unauthenticated attackers to enumerate valid usernames based on response time differences.
Investigation into an authentication bypass caused by trusting a forwarded identity header at the edge gateway.
Step-by-step methodology for validating reset flow token handling, expiry controls, and host header trust boundaries.