• Another Catgirl@lemmy.blahaj.zone
    1 year ago

    That’s really concerning because it bypasses a browser password manager security measure. Since the domain is the same but the server IP and the server’s HTTPS certificate chain are different, a poorly written password manager may auto-login or automatically send cookies to a website owned by a completely different entity on the same domain name. Big security flaw in domain name trust?