Bypassing Email Uniqueness Check: A Logic Flaw Disrupting Password Recovery


I wanted to share a bug I found some time ago. This is the first bug I'll be sharing, but it certainly won't be the last, inshallah. It was one of the more unusual bugs I've encountered. Typically, a website's logic ensures that you can't create an account with an email address that is already in use, and the site I was testing followed this rule too at registration time.

However, when I tried to change my account's email to an address that was already registered, the first attempt was rejected. When I tried again, surprisingly, the change was accepted. I thought, 'LOL, let me try again.' My guess at the backend logic was that it sends the 'email already exists' notification only once, and all subsequent requests pass through unchecked.

The impact of this bug is that the affected user can no longer use the 'forgot password' flow. It fails entirely: when the backend tries to send a reset token to the email address, it finds two users with the same email, a state it was never designed for, and throws an error.

So, this was a simple bug of low severity, mainly affecting availability.
