Do not mix param types in "change password" (OWASP 920230)

blossom-project / blossom

Blossom is a Java framework based on Spring-Boot which enables you to realize your projects quickly and smoothly. It comes with several modules and tools made to ease and speed up your development process.

http://blossom-project.com

Apache License 2.0

21 stars 21 forks source link

Do not mix param types in "change password" (OWASP 920230) #239

Closed RLejolivet closed 3 years ago

RLejolivet commented 3 years ago

Token moves from a query param to a form param when posting new password

coveralls commented 3 years ago

Coverage increased (+0.009%) to 56.43% when pulling 5ec27ad6e5451a70760fed57134045876ca8177e on owasp-920230 into 23aaf6f842bdd5d8e7da61b9dafbf0b77cf04d71 on master.