Hello everyone!!!
Welcome back, and thanks for following up with my second write-up. Today we are going to learn about quite a few vulnerabilities but they all come under the same roof. So, we are going to see how non-expired links can cause damage to the organization or user. Without further due let us get into our maze.
First, let us see what exactly are these so-called links and what do they have to do with expiring. When we signup for an account on a website or when we want to reset our password, we request the website to do so by giving the required information. And then the website lets us do the required job. One of the ways to do this is by sending a confirmation or reset password link to our email and asking us to follow the steps involved in it.
When we receive such an email we use it and follow the procedure and the work is done… But, the actual point lies there. What if the link doesn’t expire after some time or it can be used more than once. Let us understand it out with a simple story.
You and your family are going on a vacation. You closed all the doors and windows, locked the door, and left for your vacation. There is a thief in the locality and has been waiting for so long to rob your house. Thinking this is a perfect time, the thief comes to your house with the duplicate key he made of your house, breaks into your house, and stole whatever he wants.
Now let’s put it into a hacker’s perspective. A hacker has been trying to break down into your network and he somehow got into it and can see all your traffic. You or for that matter anyone in the network are under hacker surveillance. He saw you trying to reset a password for one of your accounts and when you request a password reset, you get an email, and using it you changed your password. But the hacker can see what you have been doing and he has access to it.
Now there are four directions this situation can lead to
If the password reset link doesn’t expire after one use, then the attacker can use it again to change the password and eventually the email, which then leads to a full account takeover
If the password reset link doesn’t have a certain time to get expired, let it be used or not, then it can be used later after the attacker finds out about this and get control over your account.
If the password reset link expires, then the attacker can no longer change the password.
If you have requested the link once again even after you get one and the old link didn’t get expired, then it can be taken advantage of.
The same goes with the email confirmation links too. If an attacker knows your email and creates an account with it and doesn’t confirm your account then your email will always be unavailable since it has been neither confirmed nor denied. Thus, you cannot access the service.
There is one more scenario where you have requested a password change and you got your link. Now you haven’t opened it up but changed your password from account settings (if any). If you can again change your password from the previous link, then it is also a vulnerability as the user’s password has been changed and thus the link should also change or get expired.
The same goes with not just links but also OTPs send to email or mobile numbers. If they don’t get expired after requesting a new one or after using it once or after a certain period of time, then it can have serious effects.
How is this dangerous
It is dangerous by simply hackers gaining access to your account!!!
How to avoid this
This can be avoided by keeping some restrictions
Expiring the links/OTPs after one use.
Expiring links/OTPs after a particular time, let it be 5 minutes, 2 hours, or 2 days.
Session logout after every password or email change.
And that is it for today. We have learned how can non-expired links/OTPs can be dangerous. I would love to hear your feedback and improve myself. Check out my Instagram to get updates and tricks to find vulnerabilities. And don’t forget to wait for my next post😄
Till then Take Care and Happy Hacking!!!
Comments