A Password Reset Gone Wrong: Credentials Leaked via Raw Email

Second bug found in the wild

A Standard Password Reset

Viewing the Email in Raw Format

When a Header Contains More than Metadata

Why "It's Just a No-Reply Account" Still Matters

Responsible Disclosure

Remediation

  1. Removing Credentials from Email Configurations

  2. Proper Authentication for Mail Services
