/support/notes/service/sap_logo.png){kind=logo}
SAP Knowledge Base Article - PreviewSymptom
- The documentation indicates that "accounts.REST" is called when the recovery link is pressed in the Unknown Location Notification email.
- However, "accounts.REST" is not called when the expired link is pressed.
- This issue arises during a credential stuffing attack, where the Unknown Location Notification email is suddenly sent to the legitimate user.
- The user may not be able to press the link within the time limit, hence it is believed that "accounts.REST" should be called when the link is clicked, even if the link has expired.
Read more...
Environment
- SAP Customer Data Cloud
- Privacy & Safety (Consent / RBA)
Product
SAP Customer Data Cloud all versions
Keywords
SAP Customer Data Cloud, REST Call, Expired Link, Unknown Location Notification Email, Credential Stuffing Attack, Login Session, Password Reset Link. , KBA , CEC-PRO-PNS , Privacy & Safety (Consent, RBA - Risk-Based Authentication) , Problem
About this page
This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).Search for additional results
Visit SAP Support Portal's SAP Notes and KBA Search.
/support/notes/service/facebook.svg)
/support/notes/service/twitter.svg)
/support/notes/service/youtube.svg)
/support/notes/service/linkedin.svg)
/support/notes/service/instagram2.svg)