Password Reset Poisoning Attack Exploits System Vulnerability
Password Reset Poisoning Attack: A New Exploitation Method Revealed. Security researcher Sarath D outlines a vulnerability in password reset functionality that can be exploited through Host header injection. If the application builds the reset link from the Host header of the incoming request, an attacker who submits a reset request for the victim with a manipulated Host header causes the email sent to the victim to contain a link pointing at the attacker's server; when the victim clicks it, the reset token is delivered to the attacker. The attacker can then use this token to gain unauthorized access to the victim's account. Sarath emphasizes the importance of adhering to security standards and thoroughly testing all headers in requests and responses to prevent such vulnerabilities. This method highlights the need for stronger security measures in web applications to protect user accounts from phishing-style attacks.
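The mitigation the summary points at, shown as an added example (not code from the article or from the researcher): the reset link is built from a server-side canonical origin rather than the request's Host header, and the Host header itself is checked against an allowlist. `ALLOWED_HOSTS`, `CANONICAL_ORIGIN` and the `/reset` path are assumed deployment values.

```python
# Added example: password-reset links that cannot be poisoned via the Host header.
import secrets
from urllib.parse import urlencode, urlsplit

# Hypothetical deployment config: the only hostnames this application serves,
# and the origin that every outgoing reset link is built on.
ALLOWED_HOSTS = {"accounts.example.com", "www.example.com"}
CANONICAL_ORIGIN = "https://accounts.example.com"


def new_reset_token() -> str:
    """Unguessable single-use token; store only a hash of it server-side."""
    return secrets.token_urlsafe(32)


def reset_link_vulnerable(host_header: str, token: str) -> str:
    """The flawed pattern: the Host header is reflected into the emailed link,
    so a spoofed Host (e.g. an attacker-controlled domain) ends up in the email."""
    return f"https://{host_header}/reset?{urlencode({'token': token})}"


def host_allowed(host_header: str) -> bool:
    """Parse the Host header as a URL authority so tricks such as 'good@evil',
    'evil/good' or mixed case resolve to the real hostname before comparison."""
    hostname = urlsplit(f"//{host_header}").hostname or ""
    return hostname in ALLOWED_HOSTS


def reset_link_hardened(host_header: str, token: str) -> str:
    """Reject requests with an unexpected Host header and, even for accepted
    hosts, build the link from the canonical origin rather than the request."""
    if not host_allowed(host_header):
        raise ValueError(f"rejected Host header: {host_header!r}")
    return f"{CANONICAL_ORIGIN}/reset?{urlencode({'token': token})}"


if __name__ == "__main__":
    token = new_reset_token()
    print("vulnerable:", reset_link_vulnerable("attacker.example", token))
    print("hardened:  ", reset_link_hardened("accounts.example.com", token))
```

Rejecting unknown Host values is also what framework settings such as Django's ALLOWED_HOSTS do; the canonical origin is the second layer in case the reset flow is reached through a proxy that rewrites Host.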
