Otto-AA
commented
1 year ago Related issue for NSS: https://github.com/nodeSolidServer/node-solid-server/issues/1356
Open joeitu opened 2 years ago
Otto-AA
commented
1 year ago Related issue for NSS: https://github.com/nodeSolidServer/node-solid-server/issues/1356
Hello,
Not sure if this is the correct place to create the issue, but today on https://solidcommunity.net I created an account called "password-recovery" and was able to create this: https://password-recovery.solidcommunity.net/
I can imagine a scenario where an attacker would grab email addresses from solidcommunity.net users ( by scraping their WebID document for e.g. ) and then send them a phishing email " All solid community accounts have been compromised, please reset your password on https://password-recovery.solidcommunity.net/"
Of course, solidcommunity.net offers no warranty on security, as it is principal place of experimentation. But I wonder in the future if it would be possible to have at the same time the possibility to host webpage and prevent phishing attacks. Maybe a stronger blacklist? A moderation system, where permission needs to be requested to host a webpage?