Software security sigh
A person asked why a simple HTTP(S) PUT endpoint that took old password and new password to change a password might be susceptible to replay attacks.
What's to replay?! What's to replay?! This is like Remedial Web Security 101. This is why we can't have nice things and software security will forever be a sad joke.