writeups.xyz / Unlocking the Weak Spot: Exploiting Insecure Password Reset Tokens

Submitter : c2a

Date: 28 July 2024

Bounty : undisclosed

Vulnerabilities :

• Bruteforce
• Lack of Rate Limiting
• Password Reset
• Account Takeover

Programs :

• Undisclosed

Authors :

• Mosaad Sallam (@H0tak88r)

Link :
https://sallam.gitbook.io/sec-88/bug-bounty/unlocking-the-weak-spot-exploiting-insecure-password-reset-tokens