Let's flow into the report…
Understand the application's functionality and identify its features:
- Explored the booking app to find features, including the registration and login mechanisms.
- Observed that email verification is used for both registration and login, requiring a 6-digit code.
- The app sends a 6-digit verification code when registering or logging in with an email address.
- The code is stated to be valid for 10 minutes.
- Attempted to log in by entering an email address.
- Requested multiple verification codes in quick succession.
- Waited 10 minutes so that, per the app's stated policy, the first issued code should have expired.

1. After 10 minutes:
- Attempted to log in using the first issued code.
- Login was successful: the first code was still accepted even though several later codes had been issued and its stated 10-minute lifetime had elapsed.

2. Discovery:
- The app failed to invalidate previously issued codes when generating new ones.
- The first code should have been marked as expired (superseded) when a new code was issued, but this did not happen.
- The app does not implement proper code-invalidation logic: old verification codes remain valid after new ones are issued, so any earlier code, for example one still sitting in the user's inbox or one an attacker has already obtained, stays usable for login.
- Because the first code was also accepted after the stated 10-minute window, the server-side expiry check should be reviewed as well, not only the invalidation on reissue.

A quick response from the H1 Triage Team:
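To make the failure mode concrete, here is an added example in Python; it is not code from the report or from the booking app, whose implementation is not shown. A store modelling the observed behaviour, where every code ever issued stays valid, is placed beside a hardened store that keeps one live code per email address, replaces it on reissue, enforces the 10-minute expiry, consumes a code on successful use and caps wrong guesses. The email address, the `MAX_ATTEMPTS` limit and the injectable fake clock are assumptions made for the demonstration.

```python
import hmac
import secrets
import time
from dataclasses import dataclass

CODE_TTL_SECONDS = 10 * 60   # the app states codes are valid for 10 minutes
MAX_ATTEMPTS = 5             # assumed guess limit per live code (not stated in the report)


def _new_code() -> str:
    # Zero-padded 6-digit code from a CSPRNG, matching the format the app sends.
    return f"{secrets.randbelow(10**6):06d}"


class VulnerableCodeStore:
    """Models the behaviour in the write-up: every code ever issued for an
    address is kept and any of them is accepted. Nothing expires and nothing
    is invalidated when a newer code is generated."""

    def __init__(self, clock=time.time):
        self._codes = {}      # email -> list of every code issued
        self._clock = clock   # never consulted: expiry is not checked (the bug)

    def issue(self, email: str) -> str:
        code = _new_code()
        self._codes.setdefault(email, []).append(code)
        return code

    def verify(self, email: str, code: str) -> bool:
        return any(hmac.compare_digest(c, code) for c in self._codes.get(email, []))


@dataclass
class _Live:
    code: str
    expires_at: float
    attempts: int = 0


class HardenedCodeStore:
    """One live code per email. Issuing a new code overwrites the old one,
    expiry is enforced at verification time, a successful code is consumed
    so it cannot be replayed, and wrong guesses are capped."""

    def __init__(self, clock=time.time):
        self._live = {}       # email -> _Live
        self._clock = clock

    def issue(self, email: str) -> str:
        code = _new_code()
        # Overwriting the entry is what invalidates every earlier code.
        self._live[email] = _Live(code, self._clock() + CODE_TTL_SECONDS)
        return code

    def verify(self, email: str, code: str) -> bool:
        entry = self._live.get(email)
        if entry is None:
            return False
        if self._clock() >= entry.expires_at:
            del self._live[email]          # expired: drop it and force a reissue
            return False
        entry.attempts += 1
        if entry.attempts > MAX_ATTEMPTS:
            del self._live[email]          # too many guesses: drop it
            return False
        if not hmac.compare_digest(entry.code, code):
            return False
        del self._live[email]              # single use: consume on success
        return True


def reproduce(store_cls) -> dict:
    """Replays the report's steps against a store, using a fake clock so the
    10-minute wait is instant. Returns which acceptances were observed."""
    now = [1_700_000_000.0]              # constructed epoch time for the fake clock
    store = store_cls(clock=lambda: now[0])
    email = "victim@example.com"         # constructed test identity

    first = store.issue(email)
    latest = first
    for _ in range(4):                   # request more codes in quick succession
        latest = store.issue(email)

    stale_accepted = store.verify(email, first)     # should be False once superseded
    latest_accepted = store.verify(email, latest)   # the newest code should work

    fresh = store.issue(email)
    now[0] += CODE_TTL_SECONDS + 1                  # let the stated 10 minutes elapse
    expired_accepted = store.verify(email, fresh)   # should be False after expiry

    return {
        "stale_code_accepted": stale_accepted,
        "latest_code_accepted": latest_accepted,
        "expired_code_accepted": expired_accepted,
    }


if __name__ == "__main__":
    print("vulnerable:", reproduce(VulnerableCodeStore))
    print("hardened:  ", reproduce(HardenedCodeStore))
```

Running `reproduce` against the two stores shows the difference in one line each: the vulnerable store accepts the stale code, the latest code and the expired code, while the hardened store accepts only the latest one. The fix that matters for this report is the overwrite in `issue`; in a real deployment the code would also be stored hashed rather than in clear, and issuance would be rate-limited per address and per client so that requesting codes in quick succession is itself throttled.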
Thank You For Reading 😊