Cobalt Crowdsourced Application Pentest

Cobalt Vulnerability Wiki


V3 - Session Management

Password Reset Token Sent Over HTTP

POC

  1. Intercept the requests while resetting the password.
  2. Observe that the password reset token is sent over HTTP.
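
A defender-side check for step 2, as an added example that is not part of the Cobalt wiki: it scans intercepted exchanges and flags any reset token carried in an `http://` request or in an `http://` link returned by the application. The entry format, the `TOKEN_KEYS` parameter names and the sample traffic are assumptions constructed for illustration.

```python
import json
import re
from urllib.parse import urlsplit, parse_qsl

# Assumed parameter names for the reset token; adjust to the application under test.
TOKEN_KEYS = {"token", "reset_token", "resettoken", "reset_password_token"}
# Plain-HTTP links embedded in response or e-mail bodies (https:// does not match).
LINK_RE = re.compile(r"http://[^\s\"'<>]+", re.IGNORECASE)

def _token_params(url, body="", content_type=""):
    """Return names of token-like parameters found in the query string or body."""
    pairs = parse_qsl(urlsplit(url).query)
    if "application/x-www-form-urlencoded" in content_type:
        pairs += parse_qsl(body)
    elif "application/json" in content_type:
        try:
            data = json.loads(body)
            if isinstance(data, dict):
                pairs += [(k, str(v)) for k, v in data.items()]
        except ValueError:
            pass  # unparseable body: nothing to inspect
    return sorted({k for k, v in pairs if k.lower() in TOKEN_KEYS and v})

def find_cleartext_reset_tokens(entries):
    """Flag intercepted exchanges where a reset token travels over plain HTTP."""
    findings = []
    for e in entries:
        url = e["url"]
        if urlsplit(url).scheme.lower() == "http":
            for name in _token_params(url, e.get("body", ""), e.get("content_type", "")):
                findings.append((url, "request", name))
        # A reset link generated with an http:// scheme exposes the token when followed.
        for link in LINK_RE.findall(e.get("response_body", "")):
            for name in _token_params(link):
                findings.append((url, "link-in-response", name))
    return findings

# Constructed sample traffic (not from a real application).
SAMPLE = [
    {"url": "https://app.example/password/forgot", "body": "email=a%40example.com",
     "content_type": "application/x-www-form-urlencoded",
     "response_body": "Reset here: http://app.example/password/reset?token=CONSTRUCTED123"},
    {"url": "http://app.example/password/reset?token=CONSTRUCTED123"},
    {"url": "https://app.example/password/reset", "content_type": "application/json",
     "body": '{"reset_token": "CONSTRUCTED123", "password": "x"}'},
]

if __name__ == "__main__":
    print(find_cleartext_reset_tokens(SAMPLE))
```

An empty result for a full reset flow means every token-bearing request and generated link used HTTPS.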

Impact

Low

Likelihood

Low