Password Reset Poisoning Leading to Account Takeover
Overview
During a penetration test of a web application's API, I discovered a vulnerability in the password reset functionality that allowed an attacker to intercept reset tokens and take over user accounts. By manipulating a user-controllable field i...
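The page does not name the user-controllable field, so the following added example (written for this editing pass, not code from the original post or the tested application) illustrates the most common form of password reset poisoning: a reset link whose domain is taken from the request's `Host` header. The hardened variant builds the link from a configured canonical origin, rejects unexpected hosts, and stores only a hash of the token so a leaked database row cannot be replayed. The origin, host allowlist and header values are all constructed assumptions.

```python
import hashlib
import hmac
import secrets

# Assumed configuration (constructed for this example): the origin used in
# outbound e-mail is fixed in config and never derived from the request.
CANONICAL_ORIGIN = "https://example.com"
ALLOWED_HOSTS = {"example.com", "www.example.com"}


def build_reset_link_vulnerable(request_headers: dict, token: str) -> str:
    """The poisoning pattern: the link's domain comes straight from the
    client-supplied Host header, so whoever controls that header controls
    where the victim's token is sent."""
    host = request_headers.get("Host", "")
    return f"https://{host}/reset?token={token}"


def build_reset_link_hardened(request_headers: dict, token: str) -> str:
    """Hardened form: validate the Host header against an allowlist (a useful
    detection signal when it fails) and build the link from config only."""
    host = request_headers.get("Host", "")
    if host not in ALLOWED_HOSTS:
        # Log this: a reset request for an unexpected host is worth alerting on.
        raise ValueError(f"rejected password reset for unexpected host {host!r}")
    return f"{CANONICAL_ORIGIN}/reset?token={token}"


def issue_reset_token() -> tuple[str, str]:
    """Return (token to e-mail, digest to persist). Only the digest is stored,
    so a database leak does not yield usable reset tokens."""
    token = secrets.token_urlsafe(32)
    digest = hashlib.sha256(token.encode()).hexdigest()
    return token, digest


def verify_reset_token(presented: str, stored_digest: str) -> bool:
    """Constant-time comparison of the presented token's hash with the stored one."""
    candidate = hashlib.sha256(presented.encode()).hexdigest()
    return hmac.compare_digest(candidate, stored_digest)


if __name__ == "__main__":
    # Constructed sample request: an attacker-supplied Host header.
    spoofed = {"Host": "attacker.invalid"}
    token, digest = issue_reset_token()
    print("vulnerable link:", build_reset_link_vulnerable(spoofed, token))
    try:
        build_reset_link_hardened(spoofed, token)
    except ValueError as exc:
        print("hardened builder:", exc)
    print("legitimate link:", build_reset_link_hardened({"Host": "example.com"}, token))
    print("token verifies:", verify_reset_token(token, digest))
```

The allowlist check is what gives the defender a detection hook: a reset request whose `Host` is outside the configured set should never happen in normal traffic, so it can be logged and alerted on rather than silently served.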
cybersekler.com