I too appear to be having difficulty relating this to a vulnerability.
> It works for:
> the same user using ssh as is on the console;
If someone can remotely log in as you over ssh then they already have your
password (or worse, certificate!), so why would they try to obtain it from
a browser...
> It works for:
> the same user using ssh as is on the console;
If someone can remotely log in as you over ssh then they already have your
password (or worse, certificate!), so why would they try to obtain it from
a browser...
[ more ]