long-agent bba44e820a fix: P0-04 prevent password reset code replay attack ...

ResetPasswordByPhone and ResetPassword now immediately consume
(delete) the verification code/token after successful validation,
before proceeding with password reset. This prevents replay attacks
where the same code could be used multiple times.

Security fix:验证码/Token验证通过后立即删除，防止Replay攻击

2026-04-18 10:26:36 +08:00

9.2 KiB

Raw Blame History

View Raw