Skip to content
Fast-turnaround security assessments available — 10+ years development & security experienceGet started
Tag

Posts tagged ‘account-takeover

2 cases tagged with ‘account-takeover

Auth BypassCVSS 9.0critical
8 min read

The Login Link That Let Anyone In

The platform sent login links by email. Each link contained a token. The problem was the application accepted that token from the URL and bound it to whoever authenticated next — which meant an attacker who knew the token could wait for any user to log in and immediately inherit their session.

Read case
Auth BypassCVSS 9.1critical
4 min read

The Trusted Email That Wasn't

A legitimate password reset email — SPF passed, DKIM valid, sender verified. But the link inside pointed to an attacker's domain. One HTTP header turned a routine email into a full account takeover.

Read case
Back to all cases