ENXF NET
Administrator
Staff member
Administrator
Moderator
+Lifetime VIP+
S.V.I.P.S Member
S.V.I.P Member
V.I.P Member
Collaborate
Registered
- Joined
- Nov 13, 2018
- Messages
- 24,740
- Points
- 823
I have cloudflare set up to send an http header "expose-credential-check" with any requests that include leaked credentials. I'm hoping to intercept such users and show them password reset instructions. Or force 2FA. Has anyone done this with conditionals? Or is this even possible?
The test itself works great. 100 or so users with leaked credentials logged in 24 hours. If I can intercept these it'd be easier than forcing a mass password reset.
Read more
Continue reading...
The test itself works great. 100 or so users with leaked credentials logged in 24 hours. If I can intercept these it'd be easier than forcing a mass password reset.
- Exposed-Credential-Check...
Read more
Continue reading...