Auth Bypass | CVSS 9.1 | critical
4 min read
The Trusted Email That Wasn't
A legitimate password reset email — SPF passed, DKIM valid, sender verified. But the link inside pointed to an attacker's domain. One HTTP header turned a routine email into a full account takeover.