⭐ Broken Authentication And Session Management.
#bugbounty #Infosec
Step by Step Explanation
See 🧵:
📌Old Session Does Not Expire After Password Change :
Steps🖼 :👇
📌Session Hijacking (Intended Behavior)
#bugbounty #infosec
Impact: If attacker get cookies of victim it will leads to account takeover.
Steps :👇
📌Password reset token does not expire (Insecure Configurability)
#bugbounty #infosec
Steps :👇
📌Server security misconfiguration
-> Lack of security headers -> Cache control for a security page
#bugbounty #infosec
Steps :👇
📌Broken Authentication To Email Verification Bypass (P4) :
#bugbounty #infosec
category : P4 >> Broken Authentication and Session Management >> Failure to Invalidate Session >> On Password Reset and/or Change
Steps :👇
📌Email Verification Bypass (P3/P4)
#bugbounty #infosec
Impact : Email Verification Bypass
Steps :👇
📌Old Password Reset Token Not Expiring Upon Requesting New One (Sometimes P4) :
#bugbounty #Infosec
Note:- Some Companies Won't Accept it As Valid Issue.
Steps :👇
📌Password Reset Token Not Expiring After Password Change (P4):
#bugbounty #infosec
Steps :👇
Thanks For Reading Guys Happy Hunting :)
Resources: Google & Youtube
Authors :
@FaniMalikHack @Raiders
Share this Scrolly Tale with your friends.
A Scrolly Tale is a new way to read Twitter threads with a more visually immersive experience.
Discover more beautiful Scrolly Tales like this.