Chris Dehghanpoor (@chrisd9r)'s Twitter Profile
Chris Dehghanpoor

@chrisd9r

Investigative Reporter, @washingtonpost • past: infosec @ Google, AWS, Twitch • Tips? @chrisd9r.01 on Signal

ID: 1250277219672313862

https://ckd.sh • 15-04-2020 04:18:48

15.15K Tweets

9.9K Followers

2.2K Following


My first/only Bugcrowd P1 was for an app made by a well known network and IoT/camera vendor. Their password reset flow validated the password client side, then sent a request with the new pw and acct email address. You could change the pw for any acct if you knew the email.
