OWASP / crAPI

completely ridiculous API (crAPI)
Apache License 2.0

Update challengeSolutions.md #163

Open extodez opened 1 year ago

extodez commented 1 year ago

Adding the solution for Challenge 3 - Reset the password of a different user.

Description

Please include a summary of the change, motivation and context.

Testing

Please describe the tests that you ran to verify your changes. Please summarize what you tested and what still needs to be tested, e.g. deployed and tested the service locally.

Documentation

Make sure that you have documented corresponding changes in this repository.

Checklist:

drraghavendra commented 1 year ago

Your solution to Challenge 3 - Reset the password of a different user is well-written and comprehensive. I especially like how you break down the steps into a clear and easy-to-follow process.

Here is a summary of your solution:

1. Enumerate accounts using the server's HTTP response.
2. Identify the desired account.
3. Log in with your own account and use the forgot password normally.
4. Get the OTP of User A from MailHog.
5. Use the OTP from User A to change the target email address and password.

This solution is effective because it allows you to reset the password of a different user without knowing their original password. It is also relatively easy to implement, as it only requires a basic understanding of HTTP and the MailHog web interface.

Here are some additional thoughts:

You may need to be careful when enumerating accounts, as this could be considered a form of brute-forcing. If you are unsure, it is best to consult with the server administrator first.

Once you have identified the desired account, you may want to consider sending a notification to the account owner to let them know that their password has been reset. This will help to prevent any unauthorized access to the account.

Overall, this is a well-crafted solution to Challenge 3. I am confident that it will be helpful to others who are trying to learn how to reset the password of a different user.
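The two weaknesses the solution above relies on are an endpoint whose response reveals whether an account exists, and a reset code that is accepted for any account rather than only the one it was issued to. The following is an added example, not crAPI's identity-service code, showing a minimal reset flow with the unbound check beside a bound one; the `PasswordResetService` class, its `send_mail` callback (a stand-in for the MailHog delivery), the user store and the `OTP_TTL_SECONDS` / `MAX_ATTEMPTS` limits are all constructed for the demonstration.

```python
"""Password-reset OTP handling: a code that is not tied to the account that
requested it, beside a version that binds, expires and rate-limits it.
Added example; the service, mailer and user store are constructed here."""
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Dict, Optional

OTP_TTL_SECONDS = 600   # assumption: a 10 minute code lifetime
MAX_ATTEMPTS = 5        # assumption: guesses allowed before the code is burned


@dataclass
class ResetToken:
    email: str          # the account the code was issued for
    otp: str
    expires_at: float
    attempts: int = 0


class PasswordResetService:
    def __init__(self, users: Dict[str, str],
                 send_mail: Callable[[str, str], None],
                 now: Callable[[], float] = time.time):
        self._users = users                          # email -> password (constructed store)
        self._tokens: Dict[str, ResetToken] = {}     # outstanding codes, keyed by email
        self._send_mail = send_mail
        self._now = now

    def password_of(self, email: str) -> Optional[str]:
        return self._users.get(email)

    def request_reset(self, email: str) -> str:
        """Issue a code for a registered address. The reply is identical whether
        or not the address exists, so the endpoint cannot enumerate accounts."""
        if email in self._users:
            otp = f"{secrets.randbelow(10 ** 6):06d}"
            self._tokens[email] = ResetToken(email, otp, self._now() + OTP_TTL_SECONDS)
            self._send_mail(email, otp)              # stand-in for the e-mail delivery
        return "If that address is registered, a reset code has been sent."

    def _valid_token(self, email: str) -> Optional[ResetToken]:
        token = self._tokens.get(email)
        if token is None:
            return None
        if self._now() > token.expires_at:
            del self._tokens[email]
            return None
        return token

    def reset_password_unbound(self, email: str, otp: str, new_password: str) -> bool:
        """VULNERABLE: accepts any outstanding code regardless of whom it was
        issued to, so a code sent to User A resets User B's password."""
        for issued_to, token in list(self._tokens.items()):
            if self._now() <= token.expires_at and hmac.compare_digest(token.otp, otp):
                del self._tokens[issued_to]
                self._users[email] = new_password
                return True
        return False

    def reset_password(self, email: str, otp: str, new_password: str) -> bool:
        """Hardened: the code is looked up by the email it was issued for, is
        single use, expires, and tolerates only MAX_ATTEMPTS guesses."""
        token = self._valid_token(email)
        if token is None:
            return False
        token.attempts += 1
        if token.attempts > MAX_ATTEMPTS:
            del self._tokens[email]                  # burn the code after too many guesses
            return False
        if not hmac.compare_digest(token.otp, otp):  # constant-time comparison
            return False
        del self._tokens[email]                      # single use
        self._users[email] = new_password
        return True


if __name__ == "__main__":
    outbox = []
    svc = PasswordResetService({"a@example.com": "pw-a", "b@example.com": "pw-b"},
                               send_mail=lambda to, code: outbox.append((to, code)))
    svc.request_reset("a@example.com")
    code_for_a = outbox[-1][1]
    print("bound check, A's code against B:", svc.reset_password("b@example.com", code_for_a, "x"))
    print("bound check, A's code against A:", svc.reset_password("a@example.com", code_for_a, "x"))
```

The fix is the lookup key: `reset_password` fetches the token for the account named in the request and compares the submitted code against that token only, so a code delivered to one mailbox has no meaning for any other account. The uniform response from `request_reset` addresses the enumeration step, and the attempt budget keeps the six-digit code from being guessed on a burned token.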