Breaking In Through the Backdoor: Password Reset Gone Wrong
Summary
A critical vulnerability has been discovered in Target’s password reset system that affects every user on the platform.
The flaw allows an attacker to take over any user’s account without any interaction from the victim, any phished information, or access to their inbox.
When a user requests a password reset on Target.com, they receive a link in their email with a six-digit code.
The problem is that the same code is also accepted by the email verification endpoint, allowing an attacker to take over a user’s account without knowing their password.
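As an added example (not Target’s code; the function names, in-memory store and server secret are assumptions), this is the property the flaw above violates: a one-time code is bound to the user and the flow that minted it, expires, is single use, and is invalidated after a few wrong guesses, so a password-reset code is rejected by the email-verification check.

```python
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

SERVER_SECRET = secrets.token_bytes(32)  # per-deployment secret (placeholder)
CODE_TTL = 600        # seconds a code stays valid
MAX_ATTEMPTS = 5      # a six-digit code has only 10**6 values; cap guesses


@dataclass
class Issued:
    tag: bytes        # HMAC over user|purpose|code, never the raw code
    expiry: float
    attempts: int = 0


# Constructed in-memory store: (user_id, purpose) -> outstanding code.
_issued: Dict[Tuple[str, str], Issued] = {}


def _tag(user_id: str, purpose: str, code: str) -> bytes:
    # Binding user AND purpose into the MAC is what stops a code minted for
    # "password_reset" from ever matching under "verify_email".
    msg = f"{user_id}|{purpose}|{code}".encode()
    return hmac.new(SERVER_SECRET, msg, hashlib.sha256).digest()


def issue_code(user_id: str, purpose: str, now: Optional[float] = None) -> str:
    now = time.time() if now is None else now
    code = f"{secrets.randbelow(10**6):06d}"  # six-digit code, as in the writeup
    _issued[(user_id, purpose)] = Issued(_tag(user_id, purpose, code), now + CODE_TTL)
    return code


def verify_code(user_id: str, purpose: str, code: str, now: Optional[float] = None) -> bool:
    now = time.time() if now is None else now
    key = (user_id, purpose)
    entry = _issued.get(key)
    if entry is None or now > entry.expiry:
        _issued.pop(key, None)          # nothing outstanding for this flow, or expired
        return False
    if not hmac.compare_digest(entry.tag, _tag(user_id, purpose, code)):
        entry.attempts += 1
        if entry.attempts >= MAX_ATTEMPTS:
            del _issued[key]            # too many guesses: force a fresh request
        return False
    del _issued[key]                    # single use
    return True
```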
This vulnerability was discovered by Ehteshamul Haq, a security researcher, who reported it to Target in October 2022.
Target acknowledged the flaw and awarded Haq $15,000 for discovering it through its Bug Bounty program.