Faizan Aalam

Bacancy • 12h

Ever thought about why "Username or password is invalid" appears when you enter wrong credentials, instead of a more meaningful message like "Username not found" or "Password did not match"? This is because of an attack called an Oracle Attack. Oracle attacks happen because the server returns validation responses in the form of yes/no or valid/invalid messages. In a login scenario, if we return separate errors like "Password is wrong" or "Email not found", an attacker can use these as an oracle to identify valid email addresses. Once they have a list of confirmed emails, the real attacks begin: Credential Stuffing, Brute Force, Phishing, Social Engineering. This doesn't stop at login. The forgot password flow is another common leak: showing "Email not found" instead of "A password reset link has been sent if you are registered on our platform" gives away the same information. Fix: collapse your responses into one generic message.

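The leaky and the collapsed login responses the post contrasts, as an added Python example (not the poster's code). It assumes a constructed in-memory user store with PBKDF2 password hashes, and it also performs the same hashing work when the email is unknown, so that response time does not become the oracle the message no longer is.

```python
import hashlib
import hmac
import os
import secrets

ITERATIONS = 100_000  # PBKDF2 work factor for this example

def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def make_user(email: str, password: str) -> dict:
    salt = os.urandom(16)
    return {"email": email, "salt": salt, "hash": _hash_password(password, salt)}

# Constructed user store: one registered account.
USERS = {u["email"]: u for u in [make_user("alice@example.com", "correct horse battery staple")]}

# Dummy record with a random password: unknown emails cost the same hashing
# work as a real check, so timing does not reveal whether the email exists.
_DUMMY = make_user("nobody@example.invalid", secrets.token_hex(16))

GENERIC_ERROR = "Username or password is invalid"
RESET_MESSAGE = "A password reset link has been sent if you are registered on our platform"

def login_leaky(email: str, password: str) -> tuple:
    """The oracle: two different failure messages tell the caller which emails exist."""
    user = USERS.get(email)
    if user is None:
        return (False, "Email not found")
    if not hmac.compare_digest(_hash_password(password, user["salt"]), user["hash"]):
        return (False, "Password is wrong")
    return (True, "ok")

def login_fixed(email: str, password: str) -> tuple:
    """Collapsed response: one message, and identical work on both failure paths."""
    user = USERS.get(email, _DUMMY)
    candidate = _hash_password(password, user["salt"])
    ok = hmac.compare_digest(candidate, user["hash"]) and email in USERS
    return (True, "ok") if ok else (False, GENERIC_ERROR)

def request_password_reset(email: str) -> str:
    """Forgot-password flow: the same reply whether or not the email is registered."""
    if email in USERS:
        pass  # hypothetical: enqueue the reset e-mail for the real account here
    return RESET_MESSAGE
```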
