Password retrieval logic
Password retrieval logic involves three things: a user identity (user name, user ID, cookie), a receiver (mobile phone number, mailbox) and a credential (verification code, token). There must be a complete, server-enforced binding between all three. HTTP parameter pollution is also relevant here.
Example:
1. Enter the account to be retrieved; the server verifies that it exists.
2. The receiver bound to that account receives the reset credential.
3. The password is reset.
Credential disclosure vulnerability
Learning Link:
https://www.freebuf.com/articles/web/160883.html
The credential appears in the response packet, so user names can be enumerated through registration; if the receiver is a mailbox, the administrator's mailbox suffix can be found with a whois query and then brute-forced.
The receiver can be overridden (tampered with)
Learning Link:
https://www.freebuf.com/articles/database/161495.html
Modify the receiver, or the parameter the receiver is associated with, so that the reset credential is delivered to the modified receiver and the password can be reset.
User (identity) confusion
Learning Link:
https://www.freebuf.com/articles/web/162152.html
Check at each step whether the identity parameter can be changed; if it can, the identity is tamperable.
Reset credential not verified
Learning Link:
https://www.freebuf.com/articles/web/164090.html
Reset password credential can be brute-forced
Learning Link:
https://www.freebuf.com/articles/web/164510.html
A state parameter in the response affects the subsequent logic
Learning Link:
https://www.freebuf.com/articles/web/166667.html
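The three-step flow and the weaknesses listed above all come down to the identity/receiver/credential binding being enforced on the client side instead of the server. The following Python is an added example (not code from this page or from the linked articles) of a reset flow that keeps that binding server-side: the receiver comes from the stored account, the credential never appears in the HTTP response, it is compared in constant time against a stored hash, and it is single-use and time-limited. The in-memory USERS and RESET_TOKENS stores and the example accounts are constructed stand-ins for real tables.

```python
import hashlib
import hmac
import secrets
import time

# Constructed in-memory stores standing in for the application's user and
# reset-token tables (assumptions of this example, not the page's own code).
USERS = {
    "alice": {"email": "alice@example.test", "password": "old-a"},
    "bob":   {"email": "bob@example.test",   "password": "old-b"},
}
RESET_TOKENS = {}   # username -> {"hash": ..., "email": ..., "expires": ...}
TOKEN_TTL = 900     # seconds a reset credential stays valid


def request_reset(username, client_supplied_email=None, now=None):
    """Steps 1 and 2: look up the account and send the credential ONLY to the
    receiver stored server-side. Returns the HTTP response body the client
    sees and, separately, the message that goes out-of-band to the mailer."""
    now = now or time.time()
    user = USERS.get(username)
    # Identical response whether or not the account exists: no username oracle.
    response = {"status": "ok", "message": "If the account exists, a code was sent."}
    if user is None:
        return response, None
    # client_supplied_email is deliberately ignored: the receiver is bound to
    # the account record, so a tampered receiver parameter changes nothing.
    token = secrets.token_urlsafe(32)
    RESET_TOKENS[username] = {
        "hash": hashlib.sha256(token.encode()).hexdigest(),  # store a hash, not the token
        "email": user["email"],
        "expires": now + TOKEN_TTL,
    }
    outbound = {"to": user["email"], "token": token}  # mailer only, never the HTTP response
    return response, outbound


def reset_password(username, token, new_password, now=None):
    """Step 3: accept the credential only for the identity it was issued to."""
    now = now or time.time()
    record = RESET_TOKENS.get(username)
    if record is None or now > record["expires"]:
        return False
    presented = hashlib.sha256(token.encode()).hexdigest()
    if not hmac.compare_digest(presented, record["hash"]):
        return False
    del RESET_TOKENS[username]   # single use: replaying the credential fails
    USERS[username]["password"] = new_password
    return True
```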