WRITEUP #3532

Account Takeover (User + Admin) Via Password Reset

Tags: Auth Bypass, Account takeover, Password reset, Logic flaw
by @HemantSolo (Hemant Patidar)
Bounty: 200
Program: -
Published: Aug 5, 2021
Added to HackDex: Sep 15, 2022
Read Full Writeup: https://infosecwriteups.com/account-takeover-user-admin-via-password-reset-322b8020ea6
RELATED WRITEUPS
Interesting Business Logic Error leads to Pre-Account Takeover via Verification bypass on GoogleVRP
Tags: Auth Bypass, Account takeover
Interesting Story of an Account Takeover Vulnerability
Tags: Auth Bypass, Account takeover
Instagram and Meta 2FA Bypass by Unprotected Backup Code Retrieval in Accounts Center
Tags: Auth Bypass, 2FA / MFA bypass
Forced SSO Session Fixation
Tags: Auth Bypass, SSO
Account takeover on 8 years old public program
Tags: Auth Bypass, Account takeover
