Posted Nov 4, 2010 16:11 UTC (Thu) by corbet
In reply to: Gathering session cookies with Firesheep
Parent article: Gathering session cookies with Firesheep
What an attacker could do on a lot of sites is change the email address associated with the account, then request the password (or a reset). That, of course, would be a complete takeover without knowing the original password.
to post comments)