0
7/10
bug-bounty
A bug bounty writeup demonstrating an account takeover vulnerability combining IDOR and weak encryption in a password reset function. The attacker decrypted Zlib-compressed tokens, discovered an Adler-32 checksum constraint, located a Transaction_Token endpoint via directory fuzzing, and automated exploitation to forge valid password reset links for arbitrary accounts.
account-takeover
idor
weak-encryption
zlib-compression
adler32-checksum
password-reset
token-forgery
cryptanalysis
client-side-security
directory-fuzzing
web-vulnerability
Mayank Pandey
CyberChef
Zlib
Adler-32
Python
0
7/10
vulnerability
Symantec Messaging Gateway versions ≤10.6.5 contain an authentication bypass in the password reset feature: password reset tokens are encrypted with a hardcoded static key using the weak PBEWithMD5AndDES cipher. An attacker can craft a valid administrator session by encrypting the string 'admin:' and passing it as an authorization parameter.
authentication-bypass
hardcoded-credentials
weak-encryption
password-reset-flaw
pbe-with-md5-and-des
symantec-messaging-gateway
token-prediction
appliance-security
web-application
Symantec Messaging Gateway
Artem Kondratenko
Philip Pettersson
SYMSA1461
PBEWithMD5AndDES