Bypass Email activation on http://axa.dxi.eu
High
8
8x8
Team Summary
Official summary from 8x8
The account activation link utilized by the ContactNow application utilized a token in the existing session for validation. Knowing this token, it was possible to bypass the activation step.
Reported by: madrobot
Report Details
Additional information and metadata
State: Closed
Substate: Resolved
Weakness: Improper Access Control - Generic