Cobalt Crowdsourced Application Pentest

Cobalt Vulnerability Wiki


V3 - Session Management

Password Link Expiration Errors

POC

  1. Send a password reset link
  2. Use the link multiple times and observe that it does not expire after a single use

Impact

Low-Medium (if the token in the link is not complex and is brute-forceable)

Likelihood

Low
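
The server-side behaviour that makes the POC above fail and addresses the token-complexity condition under Impact, as an added example that is not part of the original wiki entry: the reset token is drawn from a CSPRNG, stored only as a hash, time-limited, and deleted on first redemption. The class name `ResetTokenStore`, the in-memory dict standing in for a database table, and the 15-minute lifetime are assumptions for illustration.

```python
import hashlib
import secrets
import time

TOKEN_TTL_SECONDS = 15 * 60  # assumed lifetime; the page does not specify one


class ResetTokenStore:
    """In-memory stand-in for the table that backs password reset links."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._pending = {}  # sha256(token) -> (user_id, expires_at)

    @staticmethod
    def _digest(token):
        # Only the hash is stored, so a leaked table holds no usable links.
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, user_id):
        # A new request invalidates any older outstanding link for this user.
        self._pending = {d: v for d, v in self._pending.items() if v[0] != user_id}
        token = secrets.token_urlsafe(32)  # 256 bits of CSPRNG output
        self._pending[self._digest(token)] = (user_id, self._clock() + TOKEN_TTL_SECONDS)
        return token

    def redeem(self, token):
        """Return the user id on the first valid use, otherwise None."""
        # pop() deletes the record before any other work, so a second request
        # carrying the same link finds nothing to redeem.
        record = self._pending.pop(self._digest(token), None)
        if record is None or self._clock() > record[1]:
            return None
        return record[0]


def replay_check():
    """Repeat the POC steps against the store: one link, used twice."""
    now = [1_000_000.0]  # constructed clock so the run is deterministic
    store = ResetTokenStore(clock=lambda: now[0])
    link_token = store.issue("alice")  # constructed user id
    first, second = store.redeem(link_token), store.redeem(link_token)
    stale = store.issue("alice")
    now[0] += TOKEN_TTL_SECONDS + 1  # let the second link age past its TTL
    return first, second, store.redeem(stale)


if __name__ == "__main__":
    print(replay_check())
```

In a real database the delete-and-check in `redeem` has to be a single atomic statement or transaction, otherwise two concurrent requests with the same link can both succeed.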