Security Glitch: User is able to reset password without even login. Steps: 1. enter the url: https://www.bugheist.com/accounts/password/reset/ 2. Enter the email id of any user or try automate script by entering 1000 of email id's. 3. The password reset mail will be delivered to the email id's which exists in the system. It will be a bug threat for any website when any user can send 100 of emails for reset password. There should be if condition on screen (Secured information screen) that user must be logged in the website to view that screen 791

Domain: https://www.bugheist.com/accounts/password/reset/
Tweet Share
Bugheist

Reported on www.bugheist.com

Total # of issues reported = 183

mithun

Reported by mithun

Total Points of mithun = 42

browser

Browser Version: 11.0

Operating System: Windows

OS Version: 8.1

Bug Type: General
Status: closed
Added on: Feb. 6, 2017, 6:55 a.m.

Description

Screenshots:

screenshot

OCR Results:

Imps //www bugMEIKum/zuountS/passwmd[133:4] BugHeg‘st Please oumaa us Ifyou have any trouble reselling your passvmm - anuw us on Twine! - Like us on oneman

Comments:

No comment added yet. Be the first to comment!