User's email disclosure via invalid password reset link [$250]
Today, i got bug bounty from hackerone private program and i want to share bug process.
I reset account password from subdomain https://auth.reacted.com. I got password reset link via email.
Password reset link has two parameter. userid and key.I change key as wrong random key.I got error message
"The password reset link was invalid, possibly because it has already been used. Please request a new password reset"
I check all request and response. I notice one response that is occur in
In json response include email parameter and email address
Nice.I try to change userid
WTF. I got email address of userid in json error response.
I report to hackerone private program.They award me $250.
See you in next bounty.