Cobalt Crowdsourced Application Pentest

Cobalt Vulnerability Wiki


V4 - Access Control

Account takeover via "Forgot your password" functionality

POC

  • Click "Forgot Password"
  • Enter an existing username or email address
  • With an interception proxy running, catch the request to this endpoint
  • Forward the request and check that the password-reset link is returned in the response JSON body
  • Open the URL and set a new password for any account
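The steps above describe a reset endpoint that hands the reset link back to whoever submitted the form. The following is an added example, not code from Cobalt or from any application the wiki entry describes: a minimal in-memory model of the vulnerable handler beside a hardened one, plus the token-consumption logic and a small review check a tester or developer can run over a captured response body. The user store, the `https://app.example/reset` URL, the `OUTBOX` mailer stub and the 15-minute TTL are all constructed assumptions for the example.

```python
import hashlib
import secrets
import time

# Constructed sample user store (hypothetical); a real app would query its database.
USERS = {"alice@example.com": {"id": 1}, "bob@example.com": {"id": 2}}

# Server-side reset-token store: sha256(token) -> (user_id, expiry). Only the hash is
# kept, so a database read alone does not yield usable reset tokens.
RESET_TOKENS = {}
TOKEN_TTL_SECONDS = 15 * 60  # assumed lifetime for a reset token

# Stand-in for an outbound mailer: records what would have been emailed (constructed).
OUTBOX = []

SUSPECT_KEYS = ("token", "reset", "link", "url")


def _issue_reset_token(user_id):
    """Create a random single-use token, store its hash with an expiry, return the raw token."""
    raw = secrets.token_urlsafe(32)
    digest = hashlib.sha256(raw.encode()).hexdigest()
    RESET_TOKENS[digest] = (user_id, time.time() + TOKEN_TTL_SECONDS)
    return raw


def forgot_password_vulnerable(identifier):
    """The flaw from the wiki entry: the reset link is placed in the JSON response, so the
    party that submitted the victim's email reads it from the proxy. The error branch also
    confirms which accounts exist."""
    user = USERS.get(identifier)
    if user is None:
        return {"status": "error", "message": "no such user"}
    raw = _issue_reset_token(user["id"])
    return {"status": "ok", "reset_link": f"https://app.example/reset?token={raw}"}


def forgot_password_hardened(identifier):
    """Fix: the link travels only over the out-of-band channel (the account's email), and
    the HTTP response is byte-identical whether or not the account exists."""
    user = USERS.get(identifier)
    if user is not None:
        raw = _issue_reset_token(user["id"])
        OUTBOX.append({"to": identifier, "link": f"https://app.example/reset?token={raw}"})
    return {"status": "ok", "message": "If that account exists, a reset email has been sent."}


def consume_reset_token(raw):
    """Reset endpoint: accept a token once and only within its TTL.
    Returns the user id the token was issued for, or None if it is unknown, used or expired."""
    digest = hashlib.sha256(raw.encode()).hexdigest()
    entry = RESET_TOKENS.pop(digest, None)  # pop makes the token single-use
    if entry is None:
        return None
    user_id, expiry = entry
    if time.time() > expiry:
        return None
    # A real implementation would now store the new password hash for user_id
    # and invalidate existing sessions for that user.
    return user_id


def response_leaks_reset_material(body):
    """Review check over a parsed forgot-password response: flags a non-empty string under a
    key that looks like a token/link, or any string that carries a reset URL, at any depth."""
    if isinstance(body, dict):
        for key, value in body.items():
            if any(s in str(key).lower() for s in SUSPECT_KEYS) and isinstance(value, str) and value:
                return True
            if response_leaks_reset_material(value):
                return True
        return False
    if isinstance(body, list):
        return any(response_leaks_reset_material(item) for item in body)
    if isinstance(body, str):
        return "reset?token=" in body or "/reset/" in body
    return False


if __name__ == "__main__":
    print("vulnerable:", forgot_password_vulnerable("alice@example.com"))
    print("hardened:  ", forgot_password_hardened("alice@example.com"))
    print("leaks?", response_leaks_reset_material(forgot_password_vulnerable("alice@example.com")))
```

`response_leaks_reset_material` is the piece to run against real captured responses (parse the body with `json.loads` first); it is deliberately loose about key names, so treat a hit as something to inspect rather than a verdict. The hardened handler also fixes the enumeration side effect that usually accompanies this bug, but it does not equalise response timing between the two branches, which a stricter implementation would.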

Impact

High

Likelihood

High