1
1

cross-posted from: https://infosec.pub/post/10262373

Question for people willing to visit Cloudflare sites:

How do you determine whether to trust a login page on a CF site? A sloppy or naïve admin would simply take the basic steps to putting their site on Cloudflare, in which case the authentication traffic traverses CF. Diligent admins setup a separate non-CF host for authentication.

Doing a view-source on the login page and inspecting the code seems like a lot of effort. The source for the lemmy.world login page is not humanly readable. It looks as if they obfuscated the URLs to make them less readable. Is there a reasonably convenient way to check where the creds go? Do you supply bogus login info and then check the httpput headers?

2
1
Passwords (infosec.pub)
submitted 1 year ago by luky@infosec.pub to c/passwords@infosec.pub

I think passwords are great what do you think?

Passwords

142 readers
2 users here now

Discussion of passwords, password managers, biometrics, CAPTCHAs, secret questions, MFA/2FA/2SV, or other factors related to user authentication.

founded 1 year ago
MODERATORS