Rehmankhan
Why you need to hash reset_token like password
Reading the thread on HN I decided to discuss why hashing only passwords is impractical if attackers get read access to your users table or…
2 min read · Jan 1, 2021

Rehmankhan
ACCOUNT TAKEOVER THROUGH OTP BYPASS 😜
Hello Guys, I am Rehman Khan. It’s my first bug bounty write-up which allowed a malicious user to take over any account on the target site…
3 min read · Dec 26, 2020