The Forgot Password function lets application users reset their password if they have forgotten it. If a web application doesn't implement this function securely, an attacker can reset other users' passwords and take over their accounts. In this video we look at this scenario in action.
NOTE: This video is made ONLY for educational purposes, to help developers and security researchers enhance their security knowledge and remediate potential vulnerabilities in their OWN applications.
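For developers hardening their own reset flow, here is an added example (not code from the video or the lab) of server-side reset-token handling that resists the account takeover described above. The names `ResetTokenStore`, `reset_password`, `set_password` and the 15-minute lifetime are assumptions made for illustration.

```python
import hashlib
import secrets
import time

TOKEN_TTL_SECONDS = 15 * 60  # assumed lifetime; choose one that fits your application


class ResetTokenStore:
    """In-memory store for illustration; a real application would use its database."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._pending = {}  # sha256(token) -> (username, expires_at)

    @staticmethod
    def _digest(token):
        # Only a hash is stored, so a leaked table does not yield usable tokens.
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, username):
        # A new request invalidates any earlier token for the same account.
        self._pending = {d: v for d, v in self._pending.items() if v[0] != username}
        token = secrets.token_urlsafe(32)  # unguessable, from the OS CSPRNG
        self._pending[self._digest(token)] = (username, self._clock() + TOKEN_TTL_SECONDS)
        return token  # delivered only to the account's registered e-mail address

    def redeem(self, token):
        """Return the username the token was issued for, or None. Single use."""
        if not token:
            return None  # a missing or empty token is never accepted
        entry = self._pending.pop(self._digest(token), None)  # pop: no replay
        if entry is None:
            return None
        username, expires_at = entry
        if self._clock() > expires_at:
            return None
        return username


def reset_password(store, set_password, token, new_password):
    # The account is taken from the token record on the server,
    # never from a username field supplied with the request.
    username = store.redeem(token)
    if username is None:
        return False
    set_password(username, new_password)  # hypothetical callback that hashes and saves
    return True
```

The token is checked again at the moment the new password is submitted, and that check is the only thing that decides which account is changed.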
Web Security Academy | Lab: Password reset broken logic:
portswigger.net/web-security/...
Twitter: / tracethecode