Information disclosure (reset password token) and changing the user's password
Many password reset services rely on a link emailed to the user's account. The link contains a parameter that is unique to the request and leads to a page where a new password can be entered. If that page contains links to third-party sites, the web application may be leaking this unique password reset key via the Referer HTTP header.
How To Perform
- Create account
- Perform password reset procedure
- Check reset page for links to third party sites.
- Check the network traffic to ensure the Referer header is being passed.
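The last two checks can be run from the defender's side against your own reset page. The following is an added example, not part of the original report: it lists the third-party URLs on a reset page that may receive the full reset URL as Referer, taking `Referrer-Policy`, `rel="noreferrer"` and per-element `referrerpolicy` into account. The function name, hosts and token are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Referrer-Policy values that never send path or query to another origin.
SAFE_POLICIES = {"no-referrer", "same-origin", "origin", "strict-origin",
                 "origin-when-cross-origin", "strict-origin-when-cross-origin"}

class _Collector(HTMLParser):  # collects href/src URLs and <meta name="referrer">
    def __init__(self, base):
        super().__init__()
        self.base, self.refs, self.meta_policy = base, [], None
    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "meta" and a.get("name", "").lower() == "referrer":
            self.meta_policy = a.get("content", "").strip().lower()
        rel = a.get("rel", "").lower().split()
        for key in ("href", "src"):
            if a.get(key):
                self.refs.append((urljoin(self.base, a[key]), "noreferrer" in rel,
                                  a.get("referrerpolicy", "").lower()))

def audit_reset_page(page_url, html, headers):
    """Return third-party URLs that may receive the full reset URL as Referer."""
    parser = _Collector(page_url)
    parser.feed(html)
    hdr = {k.lower(): v for k, v in headers.items()}
    # Simplification: a meta policy wins over the header; last header token is used.
    page_policy = parser.meta_policy or hdr.get(
        "referrer-policy", "").split(",")[-1].strip().lower()
    origin = urlsplit(page_url)[:2]  # (scheme, host[:port])
    leaks = []
    for url, noreferrer, elem_policy in parser.refs:
        parts = urlsplit(url)
        if parts.scheme not in ("http", "https") or parts[:2] == origin:
            continue  # not a network fetch, or same origin as the reset page
        # No explicit policy is reported too: the result then depends on the browser default.
        if not noreferrer and (elem_policy or page_policy) not in SAFE_POLICIES:
            leaks.append(url)
    return leaks

# Constructed sample: placeholder token and hypothetical hosts.
SAMPLE_URL = "https://app.example/reset?token=PLACEHOLDER_TOKEN"
SAMPLE_HTML = """<script src="https://cdn.thirdparty.example/analytics.js"></script>
<link rel="stylesheet" href="/static/site.css">
<a href="https://social.example/share">Share</a>
<a href="https://help.example/faq" rel="noopener noreferrer">FAQ</a>
<img src="https://img.example/logo.png" referrerpolicy="no-referrer">"""
if __name__ == "__main__":
    print(audit_reset_page(SAMPLE_URL, SAMPLE_HTML, {}))
```

An empty result with the production response headers means no third party on the page is sent more than the origin; any URL returned is a candidate to confirm in the network traffic.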