all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Ransacking your password reset tokens

Add to bookmarks
Jan. 26, 2023, 1 p.m. |

Positive Security | IT Security research and happy coincidences positive.security

We demonstrate how the popular "Ransack" library (Ruby on Rails) can be abused to exfiltrate sensitive data via character by character brute-force, allowing for a full application compromise in some cases. An internet wide search identifies several hundred potentially vulnerable applications.

application applications brute brute-force cases compromise data internet library password password reset popular rails reset ruby ruby on rails search sensitive data tokens vulnerable

Visit resource

More from positive.security / Positive Security | IT Security research and happy coincidences

Hacking Auto-GPT and escaping its docker container 10 months ago | positive.security
auto auto-gpt code container +13
Ransacking your password reset tokens 1 year, 3 months ago | positive.security
application applications brute brute-force +16
urlscan.io's SOAR spot: Chatty security tools leaking private data 1 year, 5 months ago | positive.security
data private data security security tools +2
From XSS to RCE (dompdf 0day) 2 years, 1 month ago | positive.security
0day dompdf rce xss
Find You: Building a stealth AirTag clone 2 years, 2 months ago | positive.security
airtag
Recovering redacted information from pixelated videos 2 years, 3 months ago | positive.security
information videos

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Social Engineer For Reverse Engineering Exploit Study

@ Independent study | Remote
View on infosec-jobs.com

Premium Hub - CoE: Business Process Senior Consultant, SAP Security Role and Authorisations & GRC

@ SAP | Dublin 24, IE, D24WA02
View on infosec-jobs.com

Product Security Response Engineer

@ Intel | CRI - Belen, Heredia
View on infosec-jobs.com

Application Security Architect

@ Uni Systems | Brussels, Brussels, Belgium
View on infosec-jobs.com

Sr Product Security Engineer

@ ServiceNow | Hyderabad, India
View on infosec-jobs.com

Analyst, Cybersecurity & Technology (Initial Application Deadline May 20th, Final Deadline May 31st)

@ FiscalNote | United Kingdom (UK)
View on infosec-jobs.com
View more jobs