-
Sec. 9.3: this section is worded a bit strange, in particular the phrase "if additional measures are not taken to ensure the authenticity of the application." Since we're discussing authentication att…
-
https://www.zdnet.com/article/dailymotion-discloses-credential-stuffing-attack/
-
https://ciso.economictimes.indiatimes.com/news/data-breaches/biotech-firm-23andme-user-data-stolen-in-credential-stuffing-attack/104273535
-
### Is your feature request related to a problem? Please describe.
Password manager often bundle OTP with their system. This is good convenience to have. Since PK is a good decentralised secret sha…
-
### Description
1. Since the auth tokens are public, this allows attackers to brute force with credential stuffing attacks, by hitting the firebase auth api directly. Firebase should allow overrides …
-
https://www.cpomagazine.com/cyber-security/amtrak-data-breach-stemming-from-credential-stuffing-compromises-guest-rewards-accounts/
-
https://www.infosecurity-magazine.com/news/nandos-customers-hit-credential/
-
**What's the problem this feature will solve?**
Credential stuffing attacks are becoming more common. It may be useful to have a flag which disables or restricts logins to prevent credential stuffi…
-
https://www.bleepingcomputer.com/news/security/paypal-accounts-breached-in-large-scale-credential-stuffing-attack/
-
https://www.theregister.com/2022/11/22/draftkings_credential_stuffing_attack/