Password Reset Poisoning via Dangling Markup


Password reset poisoning is a header-based attack in which an attacker manipulates the URL/domain of a password reset link. In addition, by adding 'dangling HTML markup' to HTTP request header values during an application's password reset process, the attacker can capture username/password information as well.

Dangling HTML is markup in which a standard HTML tag has not been completed with a closing ">. When it is injected into an HTTP response, the browser consumes everything up to the next closing "> it encounters. Everything up to that character is treated as part of the URL and sent to the attacker's server in the URL query string. As a consequence, the generated reset token, username, password or other sensitive information is captured and sent to the attacker's server, allowing the attacker to perform an account takeover.
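
A defensive sketch of the reset-link builder, added here as an example and not taken from the original page or from any product it describes: the link is built from configuration instead of request headers, and Host values that are not allowlisted or that carry markup characters are rejected. The origin, host names, `/reset` path and function names are assumptions.

```python
import html
import re
from urllib.parse import urlencode

# Assumed configuration (hypothetical values, not from the page).
CANONICAL_ORIGIN = "https://app.example.com"
ALLOWED_HOSTS = {"app.example.com", "app.example.com:443"}

# Host name plus optional port only: no quotes, angle brackets or spaces,
# so an unclosed tag can never pass syntax validation.
HOST_RE = re.compile(r"[A-Za-z0-9.-]+(:\d{1,5})?")


def host_is_trusted(host_header):
    """Return True only for a syntactically clean, allowlisted Host value."""
    if not host_header or not HOST_RE.fullmatch(host_header):
        return False
    return host_header.lower() in ALLOWED_HOSTS


def build_reset_email(host_header, token):
    """Return the e-mail HTML body, or None when the request must be rejected."""
    if not host_is_trusted(host_header):
        return None  # caller answers 400 and logs the offending header
    # The link comes from configuration, never from the request headers.
    url = CANONICAL_ORIGIN + "/reset?" + urlencode({"token": token})
    # Escape on output so nothing can break out of the href attribute.
    href = html.escape(url, quote=True)
    return '<p><a href="%s">Reset your password</a></p>' % href


if __name__ == "__main__":
    # Constructed sample Host header values.
    samples = [
        "app.example.com",                       # legitimate
        "other.example.net",                     # poisoned domain
        "app.example.com\"><img src='//x.invalid/?",  # unclosed (dangling) tag
    ]
    for host in samples:
        print(repr(host), "->", build_reset_email(host, "constructed-token"))
```
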
