Your old password is not valid. Please re-enter your old password.
You are prompted for the old password again. Type in alpine.
As a countermeasure, make change-password forms safe against CSRF, and of course require the user to enter the old password when changing it.