| http://www.w3.org/ns/prov#value | - Consider that if a CSR is allowed to update your user profile, including your email address, and the CSR also is able to reset your account password if you forget it, then obviously a malicious CSR will be able to obtain your password.The malicious CSR can temporarily set your email address to an address owned by the CSR, reset your password, then read the password in the password-reset email.Now
|
