Broken Authentication and Session Management

Hii gyes,
Here's one more on session management.

There is nothing to give description so directly the reproduction steps:

1) Create a Spotify account having email any address like "a@x.com".
2) Now Logout and ask for password reset link. Don't use the password reset link sent to your mail address.
3) Login using the same password back and update your email address to "b@x.com" and verify the same. Remove "a@x.com".
4) Now logout and use the password reset link which was mailed to "a@x.com" in step 2. 5) Password will be changed.

Attack scenario
 1) My email account is compromised. Attacker asks for password reset link for my account.
2) I got to know, I change my email address on my account. I now assume i am safe.
3) But the hacker can still use the old password reset links (which he had never used for single time) which were sent to my old email address.
4) My account is now compromised again.

Fix
All previous password reset links should automatically expire once a user changes his email address.

Video will release soon.☺

Contacts:

Facebook , Twitter , Github , Email


Comments

Post a Comment

Popular Posts