Carefully audit source code related to forgot password and authentication
Check the randomness of the generated password (for example, whether it is based on the current system time)
Look for endpoints that do not require authentication
Check whether they have vulnerabilities or disclose sensitive information
Look for SQL Injection
Retrieve user's credentials from database
Retrieve forgot password token from database (admin if possible)
Look for Path Traversal
Search for sensitive files
Dive into JWT tokens / Cookies
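
For the randomness check above, an added example (not code from this page) showing a clock-seeded password generator beside a CSPRNG-based one, the entropy each provides, and a simple review heuristic that flags clock-seeded PRNGs in source. All function names, the regex patterns and the sample snippet are assumptions constructed for illustration.

```python
import math
import random
import re
import secrets
import string

ALPHABET = string.ascii_letters + string.digits

def weak_reset_password(now: int, length: int = 12) -> str:
    # "Before" pattern: PRNG seeded from the clock, so the output is a
    # pure function of the request time.
    rng = random.Random(now)
    return "".join(rng.choice(ALPHABET) for _ in range(length))

def strong_reset_password(length: int = 12) -> str:
    # Hardened form: OS CSPRNG via secrets, no seed involved.
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def entropy_bits_time_seeded(window_seconds: int) -> float:
    # The only unknown is which second inside the window was the seed.
    return math.log2(window_seconds)

def entropy_bits_csprng(length: int = 12) -> float:
    return length * math.log2(len(ALPHABET))

# Review heuristic (assumed patterns, extend per code base): a PRNG
# constructor or seed call whose argument mentions a clock value.
TIME_SEED = re.compile(
    r"(random\.seed|Random|srand|mt_srand)\s*\(\s*[^)]*\b(time|now|Date|microtime)\b"
)

def flag_time_seeded(source: str) -> list[int]:
    """Return 1-based line numbers that seed a PRNG from the clock."""
    return [n for n, line in enumerate(source.splitlines(), 1)
            if TIME_SEED.search(line)]

# Constructed sample, not taken from any real project.
SAMPLE = """\
import random, time
def new_password():
    random.seed(int(time.time()))
    return ''.join(random.choice(ALPHABET) for _ in range(12))
token = secrets.token_urlsafe(32)
"""
```

A one-hour uncertainty about the request time leaves under 12 bits for the clock-seeded generator, against roughly 71 bits for twelve characters drawn from the CSPRNG.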