all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Is it a bad security practice to provide an endpoint which verifies a reset password token?

Add to bookmarks
April 12, 2022, 10:38 a.m. | /u/average_iranian

cybersecurity www.reddit.com

For the sake of good UX, I made an endpoint that verifies a given token and throws an error if its invalid. This is done so that if the user opens an expired reset password link, they will immediately know if it's expired or not rather than filling all the information and finding out it's expired when they hit submit. It's rate limited pretty harshly (5 requests per 60 seconds) but I wonder if it's bad security practice to have …

bad cybersecurity endpoint password security token

Visit resource

More from www.reddit.com / cybersecurity

Chinese Government Poses 'Bold and Unrelenting' Threat to U.S. Critical Infrastructure, FBI Director Says | … 3 hours ago | www.reddit.com
bureau chinese chinese government critical +10
What is best practice to prevent man in the middle compromising emails? 5 hours ago | www.reddit.com
attack best practice caught cybersecurity +13
Just me, or is every vendor's website awful. WHAT DO YOU ACTUALLY DO? 7 hours ago | www.reddit.com
article customers cybersecurity edr +17
We have Crowdstrike for our EDR. Can we use it as our primary SIEM? 7 hours ago | www.reddit.com
can cons cost crowdstrike +13
Web API Security Champion: Broken Object Level Authorization (OWASP TOP 10) 8 hours ago | www.reddit.com
api api security authorization broken object level authorization +9
Cisco Warns of Large-Scale Brute-Force Attacks on VPNs 9 hours ago | www.reddit.com
article attacks brute brute-force +8
LabHost phishing service with 40,000 domains disrupted, 37 arrested 10 hours ago | www.reddit.com
cybersecurity
Cybersecurity self learning 17 hours ago | www.reddit.com
blue blue team can college +7
I am a new soc analyst , can you suggest me some dashboard ideas that … 22 hours ago | www.reddit.com
analyst can cybersecurity dashboard +6

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Information Security Engineers

@ D. E. Shaw Research | New York City
View on infosec-jobs.com

Deputy Chief Information Security Officer

@ City of Philadelphia | Philadelphia, PA, United States
View on infosec-jobs.com

Global Cybersecurity Expert

@ CMA CGM | Mumbai, IN
View on infosec-jobs.com

Senior Security Operations Engineer

@ EarnIn | Mexico
View on infosec-jobs.com

Cyber Technologist (Sales Engineer)

@ Darktrace | London
View on infosec-jobs.com
View more jobs