Posted by Andrey Stoykov on Mar 11
Correspondence from Fastly declined to comment regarding newly discovered
vulnerabilities within their website.
Poor practices regarding password changes.
1. Reset user password
2. Access link sent
3. Temporary password sent in plaintext
// HTTP POST request
POST /user/mwebsec%40gmail.com/password/request_reset HTTP/2
Host: api.fastly.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:108.0) Gecko/20100101 Firefox/108.0
[…]
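A hardened counterpart to the reset flow listed above, as an added example that is not part of the original post and not Fastly's code: the mail carries a single-use, expiring link token instead of a temporary password, and the server keeps only the token's hash. The class and function names, the 15-minute lifetime and the in-memory store are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL_SECONDS = 15 * 60  # assumed lifetime for this example


class ResetTokenStore:
    """In-memory stand-in (hypothetical) for a table of pending resets."""

    def __init__(self, clock=time.time):
        self._pending = {}  # user -> (sha256(token), expiry timestamp)
        self._clock = clock

    def issue(self, user):
        """Create a one-time token for the reset link; store only its hash."""
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        digest = hashlib.sha256(token.encode()).digest()
        # Issuing again replaces any earlier pending token for this user.
        self._pending[user] = (digest, self._clock() + TOKEN_TTL_SECONDS)
        return token

    def redeem(self, user, token):
        """True exactly once for a valid, unexpired token."""
        entry = self._pending.get(user)
        if entry is None:
            return False
        digest, expiry = entry
        presented = hashlib.sha256(token.encode()).digest()
        if not hmac.compare_digest(digest, presented):
            return False
        del self._pending[user]  # single use; also clears an expired entry
        return self._clock() <= expiry


def reset_email_body(base_url, token):
    """The mail contains a link only; no password, temporary or otherwise."""
    minutes = TOKEN_TTL_SECONDS // 60
    return (f"Use this link within {minutes} minutes to choose a new password:\n"
            f"{base_url}?token={token}\n")
```

After a successful `redeem`, the user chooses the new password over the authenticated HTTPS session, so no credential ever travels by mail.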