Password resets are often weaker than login security, making them a prime target for privilege escalation. Specops Software explains how attackers abuse reset workflows and how to secure them. [...]
7 Ways to Prevent Privilege Escalation via Password Resets
Summary + source link. No paywalls, no tracking.