Broken Authentication and Session Management

Bug Description:
Password reset link still works after email changed. This bug is most commonly found in big name sites.
1) Create a account having email address "a@x.com".
2) Now Logout and request for password reset link. Don't use that reset link.
3) Login using the same password back and update your email address to "b@x.com" and verify it.
4) Use the password reset link which sent to your "a@x.com" in step 2.
5) At last, Open that link, fill all form fields and submit the request
6) If you see something like this "Password is changed", Then that site is vulnerable

All previous password reset links should automatically expire once a user changes his email address.
Next Post »