Broken Authentication
Broken Authentication To Email Verification Bypass (P4):
1) First, you need to make an account, and you will receive an email verification link.
2) The application, in my case, gives fewer privileges and features to access if not verified.
3) I logged into the application and changed the email address to Email B.
4) A verification link was sent and I verified that.
5) Now I changed the email back to the email I had entered at the time of account creation.
6) It showed me that my email is verified.
7) Hence, a successful email verification bypass, as I haven't verified the link which was sent to me at the time of account creation, yet my email still got verified.
8) I didn't receive any code again for verification when I changed back my email, and when I opened the account, it showed in my profile that it's a verified email.
Email Verification Bypass (P3/P4)
1) First, you need to create an account with your own email address.
2) After creating an account, a verification link will be sent to your account.
3) Don't use the email verification link. Change your email to the victim's email.
4) Now go to your email and click on your own email verification link.
5) If the victim's email gets verified, then this is a bug.
Insufficient account process validation leads to account takeover (P3/P4):
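
A server-side check that rejects both email verification bypass sequences described above, as an added example that is not code from the original page. The `Account` class, function names, key and `example.test` addresses are all constructed for illustration; the link is bound to the exact address it was mailed to, and every address change resets the verified state.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)  # constructed key, example only

class Account:
    def __init__(self, email):
        self.email = email
        self.verified = False
        self.nonce = secrets.token_hex(8)  # rotated on every address change

def _mac(account):
    # Token covers the current nonce AND the exact address it was mailed to.
    msg = f"{account.nonce}|{account.email.lower()}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()

def issue_token(account):
    return _mac(account)

def change_email(account, new_email):
    # Any change, including a change back, drops verified state and
    # invalidates every link issued for a previous address.
    account.email = new_email
    account.verified = False
    account.nonce = secrets.token_hex(8)
    return issue_token(account)

def confirm(account, token):
    accepted = hmac.compare_digest(token, _mac(account))
    if accepted:
        account.verified = True
    return accepted

def replay_change_and_revert():
    # First sequence: verify Email B, then switch back to the unverified one.
    acct = Account("a@example.test")
    issue_token(acct)  # link for the original address, never used
    confirm(acct, change_email(acct, "b@example.test"))
    change_email(acct, "a@example.test")
    return acct.verified

def replay_stale_link():
    # Second sequence: link issued for one address, used after a change.
    acct = Account("own@example.test")
    own_link = issue_token(acct)
    change_email(acct, "other@example.test")
    return confirm(acct, own_link), acct.verified
```

With this model the original address stays unverified after the change-and-revert sequence, and a link issued before an address change is refused afterwards.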