BugCrowd Bug Bounty Disclosure: P5 – Account Takeover via Password Reset Token and Insecure Email Change Handling – David007

July 25, 2025
Account Takeover via Password Reset Token and Insecure Email Change Handling

Account Takeover via Password Reset Token and Insecure Email Change Handling

Researcher: David007
Engagement: National Aeronautics and Space Administration (NASA) – Vulnerability Disclosure Program
Disclosed at: 2025-07-24T21:35:52Z
Priority: P5
Status: Informational

Summary

Account Takeover via Password Reset Token and Insecure Email Change Handling

Activity Feed

Actor Details Timestamp (UTC)
Martin_NASA Martin_NASA published 2025-07-24T21:35:52Z
David007 David007 requested 2025-07-12T02:52:09Z
Mason357_Bugcrowd Mason357_Bugcrowd sent a: message 2025-07-11T17:21:14Z
Mason357_Bugcrowd Mason357_Bugcrowd changed the state to to informational 2025-07-11T17:21:07Z
Mason357_Bugcrowd Mason357_Bugcrowd changed the severity to 2025-07-11T17:21:05Z
David007 David007 created the submission 2025-07-11T14:39:01Z

A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.

If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below

Buy Me A Coffee
Patreon

To keep up to date follow us on the below channels.

Tags: , ,

You may have missed

image

CVE Alert: CVE-2025-7640

July 25, 2025
image

CVE Alert: CVE-2025-7690

July 25, 2025
image

CVE Alert: CVE-2025-7695

July 25, 2025
image

CVE Alert: CVE-2025-7780

July 25, 2025
image

CVE Alert: CVE-2025-7822

July 25, 2025