Password Reset Authentication and Session Management

From Hackipedia
Hackerone #17383
Target: Hackerone
Target Module:
Type: Authentication
Payload:
Original: Link
CVE:

Hackerone had an error in how it linked password reset tokens to accounts: a reset token remained valid after the email address on the account was changed. This could hypothetically turn a typo in an email address into an account hijacking.

How To Perform

  1. Create an account with your primary email (test@test.de)
  2. Request a password reset (may have to log out)
  3. Change email address on account to secondary email (other@test.de)
  4. Log out
  5. Use the password reset link sent to test@test.de to hijack the account
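As an added illustration (constructed for this page, not Hackerone's code), here is a minimal reset-token store in which `bind_to_email=False` reproduces the flaw from the steps above and `bind_to_email=True` shows the fix: outstanding tokens are invalidated when the email changes, and a token whose recorded address no longer matches the account is refused. All class, function and user names are assumptions.

```python
import hashlib
import secrets
import time

# Constructed example of the flaw described on this page and its fix; not Hackerone code.


class ResetTokenStore:
    def __init__(self, bind_to_email: bool, ttl_seconds: int = 3600):
        self.bind_to_email = bind_to_email  # False reproduces the bug, True is the fix
        self.ttl = ttl_seconds
        self.users = {}    # user_id -> current email address
        self.tokens = {}   # sha256(token) -> (user_id, email_at_issue, expires_at)

    def issue_token(self, user_id: str) -> str:
        """Create a reset token; the plaintext is what the reset mail would carry."""
        token = secrets.token_urlsafe(32)
        digest = hashlib.sha256(token.encode()).hexdigest()
        # Record which address the link was mailed to, not only the user id.
        self.tokens[digest] = (user_id, self.users[user_id], time.time() + self.ttl)
        return token

    def change_email(self, user_id: str, new_email: str) -> None:
        self.users[user_id] = new_email
        if self.bind_to_email:
            # Fix: a reset link mailed to the old address must stop working.
            self.tokens = {d: v for d, v in self.tokens.items() if v[0] != user_id}

    def redeem(self, token: str) -> bool:
        digest = hashlib.sha256(token.encode()).hexdigest()
        entry = self.tokens.pop(digest, None)  # single use
        if entry is None:
            return False
        user_id, email_at_issue, expires_at = entry
        if time.time() > expires_at:
            return False
        # Defence in depth: refuse if the address the link went to is no longer the account's.
        if self.bind_to_email and email_at_issue != self.users.get(user_id):
            return False
        return True


def stale_link_still_works(bind_to_email: bool) -> bool:
    """Replay the report's steps; return whether the old link is still accepted."""
    store = ResetTokenStore(bind_to_email)
    store.users["u1"] = "test@test.de"         # step 1: account on the primary address
    link_token = store.issue_token("u1")        # step 2: reset mail sent to test@test.de
    store.change_email("u1", "other@test.de")   # step 3: address changed (step 4, logout, is irrelevant here)
    return store.redeem(link_token)             # step 5: link from the old mail is used
```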