Broken Authentication – Session Token bug
About me and Suggestion:
Hi, this is Abdul Haq Khokhar. I am an independent security researcher. I read about this bug on a blog, reported it to many websites and got positive replies in the form of rewards, swag and hall of fame listings. So why are you waiting? Try this on any website and report it as a security researcher, and start your earning. In this article I'm sharing a logical bug, so let's start.
Bug: Broken Authentication – Session Token
Steps to Reproduce:
Step 1. Request a password reset for your account.
Step 2. Don't use the password reset link that was sent to your email.
Step 3. Log in to your account; remember, do not use the reset password link you requested in Step 1 yet.
Step 4. Change your password in the Account Settings. (In my research I always change my password 5 to 8 times every testing session.)
Step 5. After you have changed your password inside your account, now open the reset password link you requested in Step 1 from your email.
Step 6. Change your password using the reset password link you requested.
If the website you test has no issue, the token in the reset password link you requested in Step 1 will no longer work.
If the site has the token issue, the reset password token from Step 1 is still usable and has not expired. Not invalidating the password reset token when the password is changed is not good practice for a company.
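An added illustration, not taken from the post, of the token lifecycle that Steps 1 to 6 exercise, written as a small Python model of a password reset service. With `invalidate_on_change=False` the Step 1 token still resets the password after the Step 4 change (the bug); with `True` the change revokes every pending token. All class and function names here are my own assumptions, not any real site's code.

```python
"""Password-reset token lifecycle: the reported defect beside its fix."""
import hmac
import secrets
import time
from dataclasses import dataclass, field


@dataclass
class User:
    password: str                                      # constructed demo; real systems store a hash
    reset_tokens: dict = field(default_factory=dict)   # token -> expiry (epoch seconds)


class ResetService:
    """invalidate_on_change=False reproduces the bug; True is the fix."""

    def __init__(self, invalidate_on_change: bool, ttl: int = 3600):
        self.invalidate_on_change = invalidate_on_change
        self.ttl = ttl
        self.users = {}

    def request_reset(self, username: str) -> str:
        """Step 1: issue a random, time-limited reset token for the account."""
        token = secrets.token_urlsafe(32)
        self.users[username].reset_tokens[token] = time.time() + self.ttl
        return token

    def change_password(self, username: str, old: str, new: str) -> bool:
        """Step 4: logged-in password change from Account Settings."""
        user = self.users[username]
        if not hmac.compare_digest(user.password, old):
            return False
        user.password = new
        if self.invalidate_on_change:
            user.reset_tokens.clear()   # the fix: pending reset links are revoked
        return True

    def reset_with_token(self, username: str, token: str, new: str) -> bool:
        """Step 6: the emailed link; must fail once the token is stale or used."""
        user = self.users[username]
        expiry = user.reset_tokens.pop(token, None)   # single use either way
        if expiry is None or time.time() > expiry:
            return False
        user.password = new
        return True


def step1_token_still_works(invalidate_on_change: bool) -> bool:
    """Runs Steps 1-6; True means the Step 1 token survived Step 4 (the bug)."""
    svc = ResetService(invalidate_on_change)
    svc.users["alice"] = User(password="old-pass")        # constructed sample account
    token = svc.request_reset("alice")
    assert svc.change_password("alice", "old-pass", "settings-pass")
    return svc.reset_with_token("alice", token, "link-pass")
```

A site that behaves like the `False` case is the one the steps above flag; the fix is the single `reset_tokens.clear()` on password change, plus the existing single-use and expiry checks.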
If you have any questions, feel free to ask :)
If you want to ask any question about this vulnerability, yes, you can ask :)
How is the vulnerability called? With meaning.
Thanks for the comment. As I showed in the POC, it's a Broken Authentication – Session Token vulnerability.
As we can say, it's a standard that the session should be destroyed, and not invalidating the session token for the reset password is not a good practice for a company; that's why Facebook, Coinbase and other websites fixed this bug.