Closed BababaBlue closed 1 month ago
@OWASPFoundation
@kingthorin qq, so it should not be part of credential stuffing for pass reset?
I meant just that heading/note about the addition.
@kingthorin hi, is it possible to add name to contributor for this change, no biggie if not
:homer-hide:
You could open another PR
thanks 👍 ;)
Added details on how public business information and leak info (such as phone numbers and email addresses) makes it easier for attackers to gather necessary information to reset passwords.