1. Web Security Academy
  2. Authentication vulnerabilities
  3. Other mechanisms
  4. Lab

Lab: Password reset broken logic


This lab's password reset functionality is vulnerable. To solve the lab, reset Carlos's password then log in and access his "My account" page.

  • Your credentials: wiener:peter
  • Victim's username: carlos

Find vulnerabilities in your authentication using Burp Suite

The benefits of working through PortSwigger's Web Security Academy

Get started with the Web Security Academy where you can practise exploiting vulnerabilities on realistic targets .. and its free!

Already got an account? Login here