
Given how widely publicized request smuggling was, I'm surprised it's still a problem for apps with large user bases like Slack.


Other commenters note that some platforms intentionally leave this vuln open because closing it breaks some buggy clients. Convenience over security.


I suppose if having account takeovers is worth the convenience-- sure, it's a tradeoff each company will have to make individually.



