Passwords

136 readers

1 users here now

Discussion of passwords, password managers, biometrics, CAPTCHAs, secret questions, MFA/2FA/2SV, or other factors related to user authentication.

founded 1 year ago

MODERATORS

[email protected]

knowing when to trust a login page on a Cloudflare site (infosec.pub)

submitted 3 months ago by [email protected] to c/[email protected]

0 comments fedilink hide all child comments

cross-posted from: https://infosec.pub/post/10262373

Question for people willing to visit Cloudflare sites:

How do you determine whether to trust a login page on a CF site? A sloppy or naïve admin would simply take the basic steps to putting their site on Cloudflare, in which case the authentication traffic traverses CF. Diligent admins setup a separate non-CF host for authentication.

Doing a view-source on the login page and inspecting the code seems like a lot of effort. The source for the lemmy.world login page is not humanly readable. It looks as if they obfuscated the URLs to make them less readable. Is there a reasonably convenient way to check where the creds go? Do you supply bogus login info and then check the httpput headers?

no comments (yet)

sorted by: hot top controversial new old

there doesn't seem to be anything here