1. Web Security Academy
  2. Authentication vulnerabilities
  3. Other mechanisms
  4. Lab

Lab: Password reset broken logic


This lab's password reset functionality is vulnerable. To solve the lab, reset Carlos's password then log in and access his "My account" page.

  • Your credentials: wiener:peter
  • Victim's username: carlos

Register for free to track your learning progress

The benefits of working through PortSwigger's Web Security Academy
  • Practise exploiting vulnerabilities on realistic targets.

  • Record your progression from Apprentice to Expert.

  • See where you rank in our Hall of Fame.

Already got an account? Login here