{"id":889,"date":"2020-05-09T04:15:56","date_gmt":"2020-05-09T03:15:56","guid":{"rendered":"http:\/\/zerothcode.com\/blog\/?p=889"},"modified":"2020-10-08T05:40:50","modified_gmt":"2020-10-08T04:40:50","slug":"password-reset-link-doesnt-expires","status":"publish","type":"post","link":"https:\/\/zerothcode.com\/blog\/password-reset-link-doesnt-expires\/","title":{"rendered":"Password Reset Link Doesn\u2019t Expire On Email Change"},"content":{"rendered":"<p id=\"bb8e\" class=\"fr gf ap ce ft b fu fv gg fw fx gh fy fz gi ga gb gj gc gd gk ge cx\" data-selectable-paragraph=\"\"><strong class=\"ft gl\">Summary<\/strong><\/p>\n<h3 id=\"4a00\" class=\"fr gf ap ce ft b fu fv gg fw fx gh fy fz gi ga gb gj gc gd gk ge cx\">When an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct. This can be listed under improper authentication.<\/h3>\n<p id=\"b95a\" class=\"fr gf ap ce ft b fu fv gg fw fx gh fy fz gi ga gb gj gc gd gk ge cx\" data-selectable-paragraph=\"\">When a user requests a password reset link but does not use it, the link remains unused in the user\u2019s inbox.<\/p>\n<p class=\"fr gf ap ce ft b fu fv gg fw fx gh fy fz gi ga gb gj gc gd gk ge cx\" data-selectable-paragraph=\"\">If, by any means, an attacker gets access to the victim\u2019s main inbox (Gmail or Yahoo), he\/she can take over the user\u2019s accounts on other websites that use the same email.<\/p>\n<p id=\"2823\" class=\"fr gf ap ce ft b fu fv gg fw fx gh fy fz gi ga gb gj gc gd gk ge cx\" data-selectable-paragraph=\"\"><strong class=\"ft gl\">Why does this happen?\u00a0\u00a0<\/strong><\/p>\n<ol class=\"\">\n<li id=\"80d1\" class=\"fr gf ap ce ft b fu fv gg fw fx gh fy fz gi ga gb gj gc gd gk ge gm gn go\" data-selectable-paragraph=\"\">Websites forget to set an expiration time for the reset email.<\/li>\n<li id=\"b947\" class=\"fr gf ap ce ft b fu gp gg fw gq gh fy 
gr gi ga gs gj gc gt gk ge gm gn go\" data-selectable-paragraph=\"\">Websites don\u2019t expire the old password reset link on email change<\/li>\n<li id=\"8ed7\" class=\"fr gf ap ce ft b fu gp gg fw gq gh fy gr gi ga gs gj gc gt gk ge gm gn go\" data-selectable-paragraph=\"\">Websites don\u2019t expire the password reset token after it has been used once<\/li>\n<\/ol>\n<p id=\"4211\" class=\"fr gf ap ce ft b fu fv gg fw fx gh fy fz gi ga gb gj gc gd gk ge cx\" data-selectable-paragraph=\"\"><strong class=\"ft gl\">How to find this vulnerability?\u00a0\u00a0<\/strong><\/p>\n<ol class=\"\">\n<li id=\"646a\" class=\"fr gf ap ce ft b fu fv gg fw fx gh fy fz gi ga gb gj gc gd gk ge gm gn go\" data-selectable-paragraph=\"\">Go to your target website and send a reset link to your account<\/li>\n<\/ol>\n<figure class=\"gv gw gx gy gz ha co cp paragraph-image\">\n<div class=\"hb hc hd he ai\">\n<div class=\"co cp gu\">\n<div class=\"hk r hd hl\">\n<div class=\"hm hn r\">\n<div class=\"hf hg s t u hh ai av hi hj\">\n<p>&nbsp;<\/p>\n<\/div>\n<figure style=\"width: 1366px\" class=\"wp-caption alignnone\"><img loading=\"lazy\" decoding=\"async\" class=\" \" role=\"presentation\" src=\"https:\/\/miro.medium.com\/max\/1366\/1*48O1BZ0WbFCttDAyU1vR9Q.png\" alt=\"Password\" width=\"1366\" height=\"768\" \/><figcaption class=\"wp-caption-text\">Password<\/figcaption><\/figure>\n<\/div>\n<\/div>\n<\/div>\n<\/div><figcaption class=\"hs ht cq co cp hu hv cd eh ei cf ci\" data-selectable-paragraph=\"\">Password Reset Page\u00a0\u00a0<\/figcaption><\/figure>\n<p id=\"34b3\" class=\"fr gf ap ce ft b fu fv gg fw fx gh fy fz gi ga gb gj gc gd gk ge cx\" data-selectable-paragraph=\"\">2. 
Now don\u2019t use it; just log in to your account and change the email address<\/p>\n<figure class=\"gv gw gx gy gz ha co cp paragraph-image\">\n<div class=\"hb hc hd he ai\">\n<div class=\"co cp gu\">\n<div class=\"hk r hd hl\">\n<div class=\"hm hn r\">\n<div class=\"hf hg s t u hh ai av hi hj\">\n<p>&nbsp;<\/p>\n<\/div>\n<figure style=\"width: 1366px\" class=\"wp-caption alignnone\"><img loading=\"lazy\" decoding=\"async\" class=\" \" role=\"presentation\" src=\"https:\/\/miro.medium.com\/max\/1366\/1*LbXg8G6CDcvOZfBDf-ZyGQ.png\" alt=\"Password\" width=\"1366\" height=\"768\" \/><figcaption class=\"wp-caption-text\">Password<\/figcaption><\/figure>\n<\/div>\n<\/div>\n<\/div>\n<\/div><figcaption class=\"hs ht cq co cp hu hv cd eh ei cf ci\" data-selectable-paragraph=\"\">Email Changed<\/figcaption><\/figure>\n<p id=\"d39f\" class=\"fr gf ap ce ft b fu fv gg fw fx gh fy fz gi ga gb gj gc gd gk ge cx\" data-selectable-paragraph=\"\">3. After changing the email and confirming it, log out of the account and use the old password reset link, which was sent to your old email address, to reset the password.<\/p>\n<figure class=\"gv gw gx gy gz ha co cp paragraph-image\">\n<div class=\"hb hc hd he ai\">\n<div class=\"co cp gu\">\n<div class=\"hk r hd hl\">\n<div class=\"hm hn r\">\n<div class=\"hf hg s t u hh ai av hi hj\">\n<p>&nbsp;<\/p>\n<\/div>\n<figure style=\"width: 1366px\" class=\"wp-caption alignnone\"><img loading=\"lazy\" decoding=\"async\" class=\" \" role=\"presentation\" src=\"https:\/\/miro.medium.com\/max\/1366\/1*2Owy8fsSoa69uguGWT3UDg.png\" alt=\"Password\" width=\"1366\" height=\"768\" \/><figcaption class=\"wp-caption-text\">Password<\/figcaption><\/figure>\n<\/div>\n<\/div>\n<\/div>\n<\/div><figcaption class=\"hs ht cq co cp hu hv cd eh ei cf ci\" data-selectable-paragraph=\"\">Password Reset Link to Old Email<\/figcaption><\/figure>\n<p id=\"9475\" class=\"fr gf ap ce ft b fu fv gg fw fx gh fy fz gi ga gb gj gc gd gk ge cx\" 
data-selectable-paragraph=\"\">4. Now reset the password<\/p>\n<figure class=\"gv gw gx gy gz ha co cp paragraph-image\">\n<div class=\"hb hc hd he ai\">\n<div class=\"co cp gu\">\n<div class=\"hk r hd hl\">\n<div class=\"hm hn r\">\n<div class=\"hf hg s t u hh ai av hi hj\"><\/div>\n<figure style=\"width: 1366px\" class=\"wp-caption alignnone\"><img loading=\"lazy\" decoding=\"async\" role=\"presentation\" src=\"https:\/\/miro.medium.com\/max\/1366\/1*C444_kofMg63qExhYOcELQ.png\" alt=\"Password\" width=\"1366\" height=\"768\" \/><figcaption class=\"wp-caption-text\">Password<\/figcaption><\/figure>\n<\/div>\n<\/div>\n<\/div>\n<\/div><figcaption class=\"hs ht cq co cp hu hv cd eh ei cf ci\" data-selectable-paragraph=\"\">Resetting the password<\/figcaption><\/figure>\n<p id=\"5e3b\" class=\"fr gf ap ce ft b fu fv gg fw fx gh fy fz gi ga gb gj gc gd gk ge cx\" data-selectable-paragraph=\"\">5. Log in with the changed password<\/p>\n<figure class=\"gv gw gx gy gz ha co cp paragraph-image\">\n<div class=\"hb hc hd he ai\">\n<div class=\"co cp gu\">\n<div class=\"hk r hd hl\">\n<div class=\"hm hn r\">\n<div class=\"hf hg s t u hh ai av hi hj\"><\/div>\n<figure style=\"width: 1366px\" class=\"wp-caption alignnone\"><img loading=\"lazy\" decoding=\"async\" role=\"presentation\" src=\"https:\/\/miro.medium.com\/max\/1366\/1*D5t0I_rzoUt2asJjptKnHQ.png\" alt=\"Password\" width=\"1366\" height=\"768\" \/><figcaption class=\"wp-caption-text\">Password<\/figcaption><\/figure>\n<\/div>\n<\/div>\n<\/div>\n<\/div><figcaption class=\"hs ht cq co cp hu hv cd eh ei cf ci\" data-selectable-paragraph=\"\">Logging in with the changed password<\/figcaption><\/figure>\n<p id=\"d7b2\" class=\"fr gf ap ce ft b fu fv gg fw fx gh fy fz gi ga gb gj gc gd gk ge cx\" data-selectable-paragraph=\"\">NOTE: In a real-world scenario, this is only possible if your main account (Gmail\/Yahoo) gets compromised. 
But 70 out of 100 websites accept this risk, so you can report it.<\/p>\n<p id=\"2a65\" class=\"fr gf ap ce ft b fu fv gg fw fx gh fy fz gi ga gb gj gc gd gk ge cx\" data-selectable-paragraph=\"\">Thank You \ud83d\ude42<\/p>\n<p data-selectable-paragraph=\"\">You may also read: <a href=\"http:\/\/zerothcode.com\/blog\/otp-bypass-developers-check\/\">http:\/\/zerothcode.com\/blog\/otp-bypass-developers-check\/<\/a><\/p>\n<p data-selectable-paragraph=\"\">You may also read: <a href=\"http:\/\/zerothcode.com\/blog\/privilege-escalation-hello-admin\/\">http:\/\/zerothcode.com\/blog\/privilege-escalation-hello-admin\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Summary : Password When an actor claims to have a given identity, the software does not prove or insufficiently proves<\/p>\n","protected":false},"author":1,"featured_media":890,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[51],"tags":[],"yst_prominent_words":[1188,1157,1319,1316,1320,501,1318,1317,1314,1312,1311,1310,937,1313,1315,496,464],"class_list":["post-889","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-tutorials"],"_links":{"self":[{"href":"https:\/\/zerothcode.com\/blog\/wp-json\/wp\/v2\/posts\/889","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zerothcode.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zerothcode.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zerothcode.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/zerothcode.com\/blog\/wp-json\/wp\/v2\/comments?post=889"}],"version-history":[{"count":0,"href":"https:\/\/zerothcode.com\/blog\/wp-json\/wp\/v2\/posts\/889\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/z
erothcode.com\/blog\/wp-json\/wp\/v2\/media\/890"}],"wp:attachment":[{"href":"https:\/\/zerothcode.com\/blog\/wp-json\/wp\/v2\/media?parent=889"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zerothcode.com\/blog\/wp-json\/wp\/v2\/categories?post=889"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zerothcode.com\/blog\/wp-json\/wp\/v2\/tags?post=889"},{"taxonomy":"yst_prominent_words","embeddable":true,"href":"https:\/\/zerothcode.com\/blog\/wp-json\/wp\/v2\/yst_prominent_words?post=889"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}