Vulnerable Remember Password

Check List

Methodology

Black Box

Reauthentication For Changing Password Bypass

1. Go to account settings
2. Add an email address that we have access to (remember: adding an email doesn't require you to re-enter the password, but changing the password does)
3. Confirm the email address
4. Make it the primary email (even this doesn't require you to re-enter the password)
5. Now we can change the password by resetting it through the new email


Trigger the Passwordless / Remember Me Login

1. Register or log in normally
2. Tick "Remember me", "Stay logged in", or use "Sign in with this device"
3. Complete the login → note that you are logged in
4. Open DevTools → Application → Local Storage / Session Storage / IndexedDB
5. Search for password, cred, token, user, email
6. If plain, encoded or base64 credentials are found → credential leak confirmed
7. Then go to DevTools → Application → Cookies
8. Look for a session cookie with no Expires/Max-Age or a very long one (e.g. 1 year, or "Session" that never actually expires)


Clickjacking on Auto-Login Page

1. Frame the login/auto-auth page:

   <iframe src="https://target.com/auto-login" style="opacity:0.1"></iframe>

2. If the auto-login triggers inside the iframe → clickjacking possible


CSRF on Auto-Auth Flow

1. Craft a CSRF PoC that visits the auto-login endpoint:

   <img src="https://target.com/remembered-login-endpoint">

2. If the victim visits it → they are automatically logged in as you → CSRF confirmed
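A defender's-side check for the conditions the Remember Me, clickjacking and CSRF steps above look for, as an added Python example that is not part of this checklist: it parses the Set-Cookie headers of a captured "Remember me" login response and flags cookies with a very long lifetime, cookies without SameSite (what lets the auto-auth request be triggered cross-site), a page without framing protection (what lets the auto-login page be framed) and cookie values that base64-decode to user:secret credentials. The sample headers, the 30-day threshold and the capture time are constructed assumptions.

```python
import base64
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

# Constructed sample: headers from a "Remember me" login response (hypothetical, not a real site)
SAMPLE_HEADERS = [
    ("Set-Cookie", "session=9f3a; Path=/; Expires=Fri, 01 Jan 2027 00:00:00 GMT; HttpOnly; Secure"),
    ("Set-Cookie", "remember_me=dXNlcjpwYXNz; Path=/; Max-Age=31536000"),
]
CAPTURED_AT = datetime(2026, 1, 1, tzinfo=timezone.utc)  # assumed time the sample was "captured"
MAX_LOGIN_COOKIE_SECONDS = 30 * 24 * 3600  # assumed policy: a login cookie beyond 30 days is "very long"

def parse_set_cookie(header):
    # Returns (name, value, attrs); attribute names lower-cased, bare flags map to ""
    first, *rest = [p.strip() for p in header.split(";")]
    name, _, value = first.partition("=")
    attrs = {k.strip().lower(): v.strip() for k, _, v in (p.partition("=") for p in rest)}
    return name.strip(), value, attrs

def lifetime_seconds(attrs, now):
    # Seconds until expiry; None means a true browser-session cookie (no Expires/Max-Age)
    if "max-age" in attrs:
        return int(attrs["max-age"])
    if "expires" in attrs:
        return int((parsedate_to_datetime(attrs["expires"]) - now).total_seconds())
    return None
def looks_like_credential(value):
    # True if the cookie value is base64 that decodes to printable user:secret text
    try:
        text = base64.b64decode(value, validate=True).decode("ascii")
    except (ValueError, UnicodeDecodeError):
        return False
    return text.isprintable() and ":" in text
def audit_remember_me(headers, now=CAPTURED_AT):
    # Flags the checklist conditions on one captured response
    lower = [(k.lower(), v) for k, v in headers]
    findings = []
    if not any(k == "x-frame-options" or (k == "content-security-policy" and "frame-ancestors" in v)
               for k, v in lower):
        findings.append("page: no X-Frame-Options or CSP frame-ancestors, auto-login page can be framed")
    for key, header in lower:
        if key != "set-cookie":
            continue
        name, value, attrs = parse_set_cookie(header)
        life = lifetime_seconds(attrs, now)
        if life is not None and life > MAX_LOGIN_COOKIE_SECONDS:
            findings.append(f"{name}: persists {life // 86400} days")
        if attrs.get("samesite", "").lower() not in ("lax", "strict"):
            findings.append(f"{name}: no SameSite=Lax/Strict, auto-auth request can be sent cross-site")
        if looks_like_credential(value):
            findings.append(f"{name}: value base64-decodes to a user:secret credential")
    return findings
```

Running `audit_remember_me(SAMPLE_HEADERS)` reports the framable page, both 365-day cookies, both missing SameSite, and the remember_me value decoding to user:pass.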


White Box

Cheat Sheet
