Tag
password-reset
Safeguard articles tagged "password-reset" — guides, analysis, and best practices for software supply chain and application security.
2 articles
Vulnerability Analysis
GitLab Account Takeover via Password Reset (CVE-2023-7028) Explained
CVE-2023-7028 let attackers send GitLab password-reset links to an address they controlled — a zero-interaction account takeover scored 10.0. Here's the flaw and the fix.
Jul 5, 20265 min read
Vulnerability Analysis
CVE-2019-19844: Django password reset token weakness
CVE-2019-19844 let attackers hijack Django accounts by exploiting how case-sensitive email matching broke the base36 password reset token flow.
Oct 9, 20257 min read