Dec 10, 2024
Small correction:
If an attacker got a session cookie from a logged-in user, they wouldn’t need to bypass 2FA. Because the session is already tied to a user who has already completed the 2FA process.
Small correction:
If an attacker got a session cookie from a logged-in user, they wouldn’t need to bypass 2FA. Because the session is already tied to a user who has already completed the 2FA process.
