Ahmed Alsanosi

Published On: 12 Oct 2020

Crashing Password Reset Functionality

Category: Rate Limits (General | Web)
Severity: High
Status: Duplicate

I found this bug in the PlayStation bug bounty program on HackerOne.

Description

The forgotten-password endpoint has no rate limit, so an attacker can submit an unlimited number of password reset requests. Replaying the request at high volume causes a denial of service: the Password Initialization (password reset) functionality crashes and stops responding to users.

Impact

The missing rate limit leads to a denial of service that prevents legitimate users from using the password reset functionality.




Reproduction Steps

Step 1: Go to Password Initialization (the password reset page) and submit a password reset request.

Step 2: Intercept the request and send it to Burp Intruder.

Step 3: Add a payload marker on the forgottenPassword?_action= value.

Step 4: Launch the attack; the same request is now replayed and sent an unlimited number of times.

Step 5: After a while the server starts returning a 5xx error instead of a normal response (the original report records it as "500 Service Unavailable"; strictly, 500 is Internal Server Error and 503 is Service Unavailable).

Step 6: The password reset functionality crashes and no longer responds to users.

Result: I was added to the Hall of Fame and received two reputation points.
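To show what the missing control looks like in code, here is an added example (my own, not PlayStation's code and not part of the original report): a sliding-window rate limiter applied to a forgotten-password handler, shown beside the unprotected version, with a simulation of the Intruder-style replay from Steps 2 to 5. The handler names, the limits, the IP address and the e-mail address are assumptions constructed for the example.

```python
# Added example: not the original report's code and not PlayStation's.
# A sliding-window rate limiter for a forgotten-password handler, plus a
# simulated Intruder-style replay. Limits, addresses and names are assumed.
import time
from collections import deque


class SlidingWindowLimiter:
    """Allow at most `limit` events per `window` seconds for each key."""

    def __init__(self, limit, window):
        self.limit = limit
        self.window = window
        self._events = {}  # key -> deque of event timestamps

    def allow(self, key, now=None):
        """Record an event for `key` and return True, or return False when
        the key has already spent its quota inside the current window."""
        now = time.monotonic() if now is None else now
        q = self._events.setdefault(key, deque())
        while q and now - q[0] >= self.window:  # expire events outside the window
            q.popleft()
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True


class FakeMailer:
    """Stand-in for the real reset-mail backend; records every send."""

    def __init__(self):
        self.sent = []

    def send_reset(self, email):
        self.sent.append(email)


def forgotten_password_unprotected(request, mailer):
    """Vulnerable handler: every replayed request reaches the backend."""
    mailer.send_reset(request["email"])
    return 200


def forgotten_password_protected(request, mailer, ip_limit, account_limit, now=None):
    """Hardened handler.

    1. Per-source-IP limit: an abusive client gets 429 before the backend
       does any work.
    2. Per-target-account limit: once the account's quota is spent no more
       mail is sent, but the status stays 200 so the response neither leaks
       whether the account exists nor lets one attacker lock a victim out
       of password reset with a visible error.
    """
    if not ip_limit.allow(request["ip"], now):
        return 429
    if account_limit.allow(request["email"].strip().lower(), now):
        mailer.send_reset(request["email"])
    return 200


def replay(n, protected, t0=0.0):
    """Simulate the Intruder attack: n identical requests from one IP, 10 ms
    apart. Returns ({status_code: count}, number_of_reset_mails_sent)."""
    mailer = FakeMailer()
    ip_limit = SlidingWindowLimiter(limit=5, window=60)        # assumed limits
    account_limit = SlidingWindowLimiter(limit=3, window=900)
    req = {"ip": "203.0.113.10", "email": "victim@example.com"}  # constructed
    codes = {}
    for i in range(n):
        now = t0 + i * 0.01
        if protected:
            code = forgotten_password_protected(req, mailer, ip_limit, account_limit, now)
        else:
            code = forgotten_password_unprotected(req, mailer)
        codes[code] = codes.get(code, 0) + 1
    return codes, len(mailer.sent)


if __name__ == "__main__":
    print("unprotected:", replay(1000, protected=False))  # every request reaches the backend
    print("protected:  ", replay(1000, protected=True))   # 5 x 200, 995 x 429, 3 mails
```

The per-IP check sits first so a replay burst never reaches the mail or account backend; the per-account check deliberately answers 200 rather than 429 once the quota is spent, because a visible per-account error would let anyone who knows a victim's e-mail address block that victim from resetting. In a real deployment the source key must come from the trusted proxy header, not from a client-supplied X-Forwarded-For, and a CAPTCHA on the reset form is a reasonable second layer.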

Timeline

17 Sep 2020: Ahmed submitted the initial report.

18 Sep 2020: HackerOne triage closed the report as Duplicate.