-
There are at least 2 distinct cases - when we did not configure the user authorization handler, and when we did.
For the first case, if we use the server from samples (with domain set to http://loc…
hotab updated
7 months ago
-
Under certain circumstances, PAR could be used to create phishing links at the authorization server's domain. This should be listed as a security consideration, along with the circumstances under whic…
-
Sorry that I am proposing this in such an essay, but I am expecting this to be somewhat controversial but it is somewhat important to me:
Currently, I feel like there is a somewhat notable incentiv…
-
- [x] This is not a support question, I have read [about opensource](https://www.powerdns.com/opensource.html) and will send support questions to the IRC channel, [Github Discussions](https://github.c…
-
What version of Gophish are you using?: latest ( [0.12.1](https://github.com/gophish/gophish/releases/tag/v0.12.1) )
Brief description of the issue:
I noticed some email services perform a look…
-
Are any of these points already implemented or currently being worked on? If they are new points, then these can be considered as suggestions. These suggestions are all centered around being censorshi…
-
I read this in the specification:
"Clients MUST NOT accept certificates with this extension in TLS connections (Section 4.4.2.2 of [RFC8446])."
I don't see any specific reason for this. I would su…
-
Hi everybody,
This entry is not for an issue but for an open discussion. During my spare time, I've tried to dive deeper in the subject of Real-Time Phishing.
I'm interested in this kind of scenario…
-
Hi,
by developing the PR in #157 we tried to think whether this will introduce a security problem. During the discussion we noticed the authorization header will be added to every url - to any host…
-
I can't sign up into the site. How long the registration will be closed?