What is a 'remember me' token vulnerability when the token is derived from the username and a static salt?
-
A
The token is too long to brute-force
-
B
The token is predictable and can be forged for any user whose username is known
-
C
The token expires after a single use
-
D
The token is stored server-side and cannot be manipulated