2767 | Password Reset Token Leak via X-Forwarded-Host | Host header injection, Account takeover, Password reset | NA | Saajan Bhujel (@saajanbhujel) | Bug Bounty | 2021-02-26 | 2023-06-13 |
2764 | IDOR which allowed me to view Personal Email Addresses of More than 50K Users! | IDOR, Password reset | NA | Savir Suda (@savxiety) | Bug Bounty | 2021-02-26 | 2023-06-13 |
2745 | How I Might Have Hacked Any Microsoft Account | Account takeover, Password reset, Bruteforce, MFA bypass | Microsoft | Laxman Muthiyah (@laxmanmuthiyah) | Bug Bounty | 2021-03-02 | 2023-06-13 |
2722 | Account Takeover Via Reset Password Worth 2000$ | Password reset, Account takeover | NA | Ashutosh mishra (@ashutoshmish_ra) | Bug Bounty | 2021-03-12 | 2023-06-13 |
2714 | An Interesting Account Takeover!! | IDOR, Account takeover, Weak encryption, Password reset | NA | Mayank Pandey (@mayank_pandey01) | Bug Bounty | 2021-03-17 | 2023-06-13 |
2689 | Increasing impact of Information Disclosure — Full Account Takeover ! | Information disclosure, Password reset | NA | Abhisek R (@abh1sek_r) | Bug Bounty | 2021-03-26 | 2023-06-13 |
2650 | Unauthenticated Account Takeover Through Forget Password | Password reset, Account takeover, Information disclosure | NA | Nikhil (niks) (@niksthehacker) | Bug Bounty | 2021-04-12 | 2023-06-13 |
2632 | Misconfiguration in Change-password Functionality Leads to Account Takeover | IDOR, Logic flaw, Password reset, Account takeover | NA | Mahmoud Radwan (@0x___2m) | Bug Bounty | 2021-04-18 | 2023-06-13 |
2610 | From Wayback Machine To Account Takeover | Account takeover, Password reset, Open redirect | NA | Demon (@R29k_) | Bug Bounty | 2021-04-25 | 2023-06-13 |
2591 | Password reset code brute-force vulnerability in AWS Cognito | Password reset, Bruteforce, Rate limiting bypass, Account takeover | AWS | Pentagrid (@pentagridsec) | Bug Bounty | 2021-04-30 | 2023-06-13 |
2550 | My Fourth Account takeover through password reset | Account takeover, Password reset | NA | Omar Hamdy (@seaman00o) | Bug Bounty | 2021-05-17 | 2023-06-13 |
2547 | Drupal Insecure Default Leads To Password Reset Poisoning | Password reset, Host header injection | Drupal | Bogdan Tiron (@Bogdan___T) | Bug Bounty | 2021-05-29 | 2023-06-13 |
2495 | Joomla Password Reset Vulnerability And A Stored XSS For Full Compromise | Password reset, Stored XSS, Privilege escalation, RCE, Security code review | NA | Adrian Tiron (@Adrian__T) | Bug Bounty | 2021-06-07 | 2023-06-13 |
2463 | Zero Click account Takeover | Account takeover, Password reset | NA | Zahir Tariq (@ZahirTariq3) | Bug Bounty | 2021-06-19 | 2023-06-13 |
2438 | How I was able to Takeover Accounts on Foxit.com | Password reset, Account takeover | NA | Jefferson Gonzales (@gonzxph) | Bug Bounty | 2021-06-29 | 2023-06-13 |
2424 | Facebook Email/phone disclosure using Binary search | Password reset, Information disclosure, Bruteforce | Meta / Facebook | Rikesh Baniya / NotRickyy (@rikeshbaniya) | Bug Bounty | 2021-07-09 | 2023-06-13 |
2423 | Account Takeovers — Believe the Unbelievable | Account takeover, Session management issue, Weak credentials, Components with known vulnerabilities, Password reset | NA | Nikhil (niks) (@niksthehacker) | Bug Bounty | 2021-07-09 | 2023-06-13 |
2420 | Critical Bug Bounty Reports: Part 1 | Account takeover, Password reset, RCE, Information disclosure | NA | Greg Gibson | Bug Bounty | 2021-07-11 | 2023-06-13 |
2418 | Trick to bypass rate limit of password reset functionality | Rate limiting bypass | NA | Abdulrahman-Kamel | Bug Bounty | 2021-07-12 | 2023-06-13 |
2384 | Bug Chain leads to Mass Account Takeover! | Information disclosure, Password reset, Account takeover | NA | Shubhayu Majumdar (@shubhayu64) | Bug Bounty | 2021-07-26 | 2023-06-13 |
2380 | You’ve Got (a Reset) Mail: A Security Analysis of Email-Based Password Reset Procedures | Password reset, Host header injection, CSRF, Account takeover | NA | Tommaso Innocenti (@innotommy) | Bug Bounty | 2021-07-26 | 2023-06-13 |
2360 | The journey from Google Honorable Mention to Hall of Fame. | Referer leakage, Information disclosure, Password reset | Google | Akash basnet (@noneofyou007) | Bug Bounty | 2021-08-01 | 2023-06-13 |
2346 | Account Takeover (User + Admin) Via Password Reset | Account takeover, Password reset, Logic flaw | NA | Hemant Patidar (@HemantSolo) | Bug Bounty | 2021-08-05 | 2023-06-13 |
2300 | [$5K] Misconfigured Reset password that leads to Account Takeover (No user Interaction ATO) | Account takeover, Password reset, Information disclosure | NA | Aditya Sharma (@Assass1nmarcos) | Bug Bounty | 2021-08-24 | 2023-06-13 |
2196 | Bug-Bounty | FASTMAIL [pobox.com : account takeover] | Account takeover, Password reset | Fastmail | Mohammed ELdawody | Bug Bounty | 2021-09-24 | 2023-06-13 |