The browser’s back and refresh features can be used to steal passwords from
insecurely written applications.
This paper discusses the problem and the solution.
- We will show how a bad guy can access the user credentials of the previously logged in user by exploiting this feature, if the web application has not been developed securely
Stealing_passwords_via_browsers.pdf (177.3 KB)