We received the following issue on our bug bounty program; the link is the link of our custom domain in Auth0.
"""
- Open password reset page on https://ourCustomDomain/dbconnections/change_password
- Enter mail id and intercept the request in Burp and send this request to a repeater.
- Now replay the same request; after some requests it shows {"error":"too_many_requests","error_description":"too many requests"}
- Now simply add %00 on the end of the email and resend even more password reset emails.
- email.com%00 - and keep adding %00 or %0d every time you are rate limited. After a while you can go back to just %00 as it resets after so long. And rate limiting protection bypassed.
"""
I'm putting it here FYI and to understand if there's anything we need to take care of.
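One application-side mitigation, as an added example that is neither Auth0's code nor the reporter's: validate the submitted address strictly and key the rate limit on its canonical form, so a trailing %00 or %0d is rejected up front instead of being counted as a fresh address. The `ResetRateLimiter` class, its limit, the address pattern and the sample addresses are all constructed for illustration; the example assumes the limiter sees the decoded request body.

```python
import re
from collections import defaultdict
from typing import Callable, Optional

# Constructed, deliberately strict address shape for this example: letters, digits and
# a few punctuation characters only. Percent signs, control characters (NUL, CR) and
# whitespace are not allowed, so "%00", "%0d" or a raw "\x00" suffix never matches.
EMAIL_RE = re.compile(r"^[A-Za-z0-9._+-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$")


def canonical_email(raw: str) -> Optional[str]:
    """Return the rate-limit key for an address, or None if the input is not a
    plain address. Rejecting (rather than stripping junk) keeps a malformed
    submission from reaching the mail-sending step at all."""
    if not EMAIL_RE.fullmatch(raw):
        return None
    return raw.lower()


class ResetRateLimiter:
    """Counts password-reset requests per key; key_fn decides what 'same user' means."""

    def __init__(self, limit: int, key_fn: Callable[[str], Optional[str]]):
        self.limit = limit
        self.key_fn = key_fn
        self.counts = defaultdict(int)

    def request_reset(self, submitted: str) -> str:
        key = self.key_fn(submitted)
        if key is None:
            return "invalid_email"          # refused before any email is sent
        if self.counts[key] >= self.limit:
            return "too_many_requests"      # same wording as the error in the report
        self.counts[key] += 1
        return "sent"


def demo() -> dict:
    """Compare a limiter keyed on the raw string with one keyed on the canonical form."""
    naive = ResetRateLimiter(limit=3, key_fn=lambda raw: raw)
    hardened = ResetRateLimiter(limit=3, key_fn=canonical_email)
    for _ in range(3):                      # exhaust the limit for the plain address
        naive.request_reset("victim@example.com")
        hardened.request_reset("victim@example.com")
    return {
        "naive_suffix": naive.request_reset("victim@example.com%00"),
        "hardened_suffix": hardened.request_reset("victim@example.com%00"),
        "hardened_plain": hardened.request_reset("victim@example.com"),
    }
```

A second key on the client address or a global per-tenant ceiling would close the variant where the attacker rotates through many syntactically valid addresses; that is outside what this block shows.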