@overcastfm every time I accidentally swipe the timeline scrubber, the new Go Back feature is my favorite. Such a helpful and perfectly implemented improvement. Thank you, Marco.
@frowlink
- 0 Followers
- 104 Following
- 8 Posts
Eric CapuanoI have found the first of will likely be many non-expiring password reset URLs that you may have had stored in #LastPass
If you had a maxmind.com URL in LastPass that included set-password?token= in the parameters, I just tested and those do not expire... Possession of the URL is all you need in order to change the password.
Shame shame, Maxmind.
Want to hunt for your own possibly sensitive URLs? Start with this against your vault export.
cat lastpass_export.csv | cut -d',' -f 1 | grep -a -i -e '^http' | grep -v 'http://sn' | egrep -i '(api|password|reset|secret|token)'
Hello Mastodon.