I Broke Authentication — Without Exploiting Anything
Summary
Cyberhrsh, a penetration tester, found a flaw in a cryptocurrency platform that allowed him to access a user account without verifying his email.
The issue stemmed from flawed logic in the platform’s authentication process.
During the registration process, Harsh entered an email address, set a password, and was prompted to verify the email, which he did not do.
He then attempted to log in using the same email and password, and was surprised to find that he was granted access to the account dashboard.
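The flow described above, as an added example that is not code from the original write-up or from the platform involved: a minimal registration and login service where the flawed login consults only the password, and the corrected login also requires the email to have been verified. The class, function names, in-memory store and verification-token scheme are all assumptions made for illustration.

```python
"""Added example (not the platform's code): registration, email verification and
two login variants, one showing the logic flaw from the write-up and one fixed."""
import hashlib
import hmac
import os
import secrets
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class User:
    email: str
    salt: bytes
    pw_hash: bytes
    email_verified: bool = False          # only set by a successful verify_email()
    verify_token: Optional[str] = None    # single-use token mailed at registration


def _hash_password(password: str, salt: bytes) -> bytes:
    # PBKDF2-HMAC-SHA256 with a per-user salt (hypothetical iteration count).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class AuthService:
    def __init__(self) -> None:
        self.users: Dict[str, User] = {}
        # Stand-in for an outbound mailer: (recipient, token) pairs "sent".
        self.sent_mail: List[Tuple[str, str]] = []

    def register(self, email: str, password: str) -> None:
        salt = os.urandom(16)
        token = secrets.token_urlsafe(32)
        self.users[email] = User(email, salt, _hash_password(password, salt),
                                 verify_token=token)
        self.sent_mail.append((email, token))  # the verification email

    def verify_email(self, email: str, token: str) -> bool:
        user = self.users.get(email)
        if user is None or user.verify_token is None:
            return False
        if not hmac.compare_digest(user.verify_token, token):
            return False
        user.email_verified = True
        user.verify_token = None  # token is single-use
        return True

    def _password_ok(self, email: str, password: str) -> Optional[User]:
        user = self.users.get(email)
        if user is None:
            return None
        if hmac.compare_digest(_hash_password(password, user.salt), user.pw_hash):
            return user
        return None

    def login_flawed(self, email: str, password: str) -> bool:
        # The bug pattern from the write-up: the verification status is never
        # consulted, so a freshly registered, unverified account can sign in.
        return self._password_ok(email, password) is not None

    def login_fixed(self, email: str, password: str) -> bool:
        # Corrected: a valid password is necessary but not sufficient; the
        # account must also have completed email verification.
        user = self._password_ok(email, password)
        return user is not None and user.email_verified


if __name__ == "__main__":
    svc = AuthService()
    svc.register("alice@example.com", "correct horse battery staple")  # constructed
    print("flawed login before verify:", svc.login_flawed("alice@example.com", "correct horse battery staple"))
    print("fixed login before verify: ", svc.login_fixed("alice@example.com", "correct horse battery staple"))
    _, token = svc.sent_mail[-1]
    svc.verify_email("alice@example.com", token)
    print("fixed login after verify:  ", svc.login_fixed("alice@example.com", "correct horse battery staple"))
```

The point of the split into `_password_ok` and the two `login_*` variants is that the password check itself is not what failed on the platform; the missing step is the second condition in `login_fixed`. A useful review check is to grep the login path for the verification flag: if it is only ever written (at registration or verification) and never read before a session is issued, the flaw is present.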
This vulnerability could be exploited on a large scale by malicious actors creating spam accounts, abusing promotions or airdrops, and engaging in other fraudulent financial activities.
The finding underscores the importance of enforcing identity verification steps in the authentication flow itself, all the more so for financial platforms.
After he reported the issue to the relevant team, it was swiftly patched.