Logic Bug | Forgot-password link not expiring after email change


Saeid Khater

Overview of the Vulnerability:

I found a token misconfiguration flaw in [redacted].gov. When a user requests a password reset, a link is sent to the registered email address; if that link remains unused and the user then updates the email address from the settings panel, the old token (reset link) sent to the old email address still remains valid.

Vulnerability flow

Steps:

1. The user uses the reset feature to get a reset link. Email: free@Palestine.com
2. The user remembers the old password, so the link remains unused and the token does not expire.
3. The user now changes the email from the control panel. New email: free@Palestine.gov
4. The old reset link still remains valid after the email change.

If an attacker gains access to the user's old email account, he can take over the user's account on the site too via that link, so expiring the token on email change would be the better practice.
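The flow above, modelled as an added example that is not code from the original post or from the affected site. It assumes a server-side reset-token store (the ResetService, Account and ResetToken names are hypothetical) and shows the reported behaviour beside the mitigation: revoking every outstanding reset token when the email changes, and binding each token to the address it was mailed to as a second check at redemption.

```python
"""Toy password-reset flow: the stale-token flaw from the write-up beside the fix."""
import secrets
import time
from dataclasses import dataclass


@dataclass
class Account:
    user_id: int
    email: str
    password_hash: str  # stand-in value; a real system stores a slow password hash


@dataclass
class ResetToken:
    user_id: int
    issued_to_email: str  # the address the reset link was mailed to
    expires_at: float


class ResetService:
    """Hypothetical reset-token store (constructed for this example).

    revoke_on_email_change=False reproduces the reported behaviour: the token
    outlives an email change. True applies the mitigation.
    """

    def __init__(self, revoke_on_email_change: bool, ttl_seconds: int = 3600):
        self.revoke_on_email_change = revoke_on_email_change
        self.ttl = ttl_seconds
        self.accounts: dict[int, Account] = {}
        self.tokens: dict[str, ResetToken] = {}

    def request_reset(self, user_id: int) -> str:
        acct = self.accounts[user_id]
        token = secrets.token_urlsafe(32)  # unguessable, time-limited
        self.tokens[token] = ResetToken(user_id, acct.email, time.time() + self.ttl)
        return token  # would be embedded in the link mailed to acct.email

    def change_email(self, user_id: int, new_email: str) -> None:
        self.accounts[user_id].email = new_email
        if self.revoke_on_email_change:
            # Drop every outstanding reset token for this user: any link already
            # sent went to an address the user no longer uses or trusts.
            self.tokens = {t: rt for t, rt in self.tokens.items()
                           if rt.user_id != user_id}

    def redeem(self, token: str, new_password_hash: str) -> bool:
        rt = self.tokens.pop(token, None)  # single use
        if rt is None or time.time() > rt.expires_at:
            return False
        acct = self.accounts[rt.user_id]
        if self.revoke_on_email_change and rt.issued_to_email != acct.email:
            # Defence in depth: even if revocation were missed, a token is only
            # honoured while the account still uses the address it was sent to.
            return False
        acct.password_hash = new_password_hash
        return True


def old_link_still_works(revoke_on_email_change: bool) -> bool:
    """Replay the write-up's steps; True means the stale link reset the password."""
    svc = ResetService(revoke_on_email_change)
    # Constructed sample account using the addresses from the write-up.
    svc.accounts[1] = Account(1, "free@Palestine.com", "hash-of-old-password")
    token = svc.request_reset(1)               # link mailed to the old address, left unused
    svc.change_email(1, "free@Palestine.gov")  # user changes email from the control panel
    return svc.redeem(token, "hash-chosen-by-whoever-holds-the-old-link")


if __name__ == "__main__":
    print("vulnerable:", old_link_still_works(False))  # True: old link still resets
    print("hardened:  ", old_link_still_works(True))   # False: old link rejected
```

The revocation in change_email is the fix the write-up asks for; the email check in redeem is cheap insurance for the case where a token store and a profile update live in different services and the revocation call is forgotten.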

Impact:

The attacker can still change the password even if the victim suspects the account is compromised and decides to change the email address.

Duplicate :(
