10 Password Reset Flaws + Bonus
Common security flaws in password reset functionality, compiled from Twitter, write-ups, and disclosed reports.
[1] Password Reset Token Leak Via Referrer

The HTTP Referer is an optional HTTP header field that identifies the address of the web page which links to the resource being requested. The Referer request header contains the address of the previous web page from which a link to the currently requested page was followed.
Exploitation

1. Request a password reset to your email address.
2. Click on the password reset link.
3. Don't change the password.
4. Click any 3rd-party website link (e.g. Facebook, Twitter).
5. Intercept the request in the Burp Suite proxy.
6. Check if the Referer header is leaking the password reset token.
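The leak happens because the reset URL, token included, stays in the browser's address bar and becomes the Referer of the next outbound click. The following is an added example, not code from the original list or from any particular product, showing the server-side pattern that closes the gap: redeem the token on first visit, move the authorization into a short-lived server-side session, redirect to a token-free URL, and send `Referrer-Policy: no-referrer` on every page of the flow. It also includes a log-side helper that flags Referer values carrying a token-like query parameter. All names, paths, parameter names, TTLs and tokens are constructed for this example.

```python
"""Added example: keeping a password reset token out of the Referer header.

Defences demonstrated (assumed design, not any specific product's code):
1. Redeem the token on first visit, bind the authorization to a
   server-side session, and redirect to a URL that carries no token.
2. Send Referrer-Policy: no-referrer on every page of the reset flow so
   the browser sends no Referer at all on outbound clicks.
3. A log-side check that flags Referer values with token-like parameters.
"""
import secrets
import time
from typing import Optional
from urllib.parse import urlparse, parse_qs

TOKEN_TTL_SECONDS = 15 * 60  # hypothetical policy value
TOKEN_PARAM_NAMES = {"token", "reset_token", "t", "key"}  # assumed param names

# Hypothetical in-memory stores; a real app would use its DB / session backend.
reset_tokens = {}    # token -> {"user": str, "expires": float, "used": bool}
sessions = {}        # session_id -> {"reset_user": str, "expires": float}


def reset_flow_headers() -> dict:
    """Headers every page of the reset flow should carry."""
    return {
        "Referrer-Policy": "no-referrer",   # browser sends no Referer on outbound clicks
        "Cache-Control": "no-store",        # keep the page out of shared caches
    }


def issue_reset_token(user: str, now: Optional[float] = None) -> str:
    """Create a single-use, time-limited reset token for `user`."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    reset_tokens[token] = {"user": user, "expires": now + TOKEN_TTL_SECONDS, "used": False}
    return token


def redeem_reset_token(token: str, now: Optional[float] = None) -> dict:
    """Handle GET /reset?token=... (hypothetical route).

    Validates the token, marks it used, stores the authorization in a
    server-side session and redirects to a token-free URL. Returns a
    minimal response description: status, headers and the session id.
    """
    now = time.time() if now is None else now
    record = reset_tokens.get(token)
    if record is None or record["used"] or record["expires"] < now:
        return {"status": 400, "headers": reset_flow_headers(), "session": None}
    record["used"] = True  # single use: a later leak of the link is harmless
    session_id = secrets.token_urlsafe(32)
    sessions[session_id] = {"reset_user": record["user"], "expires": now + TOKEN_TTL_SECONDS}
    headers = reset_flow_headers()
    headers["Location"] = "/reset/form"  # the URL the user lands on has no token
    headers["Set-Cookie"] = (
        f"reset_session={session_id}; HttpOnly; Secure; SameSite=Strict; Path=/reset"
    )
    return {"status": 303, "headers": headers, "session": session_id}


def referer_leaks_token(referer: Optional[str]) -> bool:
    """Log-side check: does a Referer value carry a reset-token-like parameter?"""
    if not referer:
        return False
    query = parse_qs(urlparse(referer).query)
    return any(name in query for name in TOKEN_PARAM_NAMES)


if __name__ == "__main__":
    tok = issue_reset_token("alice")
    first = redeem_reset_token(tok)
    print("first visit:", first["status"], first["headers"]["Location"])
    print("second visit:", redeem_reset_token(tok)["status"])  # 400, token already used
    # Constructed sample Referer values as they would appear in an access log
    for ref in ["https://app.example.test/reset?token=abc123", "https://app.example.test/reset/form"]:
        print(ref, "->", "LEAK" if referer_leaks_token(ref) else "ok")
```

Once the user reaches `/reset/form`, any outbound click carries at most `https://app.example.test/reset/form` as Referer (or nothing, given `no-referrer`), and even a copied original link is already consumed.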