Implementing a password reset function is a challenging task for every developer. There is no well-defined standard for implementing secure password reset functionality in an application. That is why every application implements it differently: sending unique URLs, generating a temporary password, asking security questions, sending an OTP, and so on.
Every developer has a different approach to implementing such a feature. That is why, every time, the hacker has to think of a new way to attack it. In this talk, I'll briefly cover some methodologies for achieving account takeover by exploiting misconfigured password reset functionality.
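The "unique URL" reset mechanism named above is the one most often misconfigured, so here is an added example (not code from the talk or its author) of how a defender would implement it: a selector/verifier token generated from the CSPRNG, stored only as a hash, bound to a short expiry, burned on first use, superseded by any newer request, and never revealing whether the e-mail address is registered. The `RESET_BASE_URL`, the in-memory stores, the e-mail-to-user mapping and the 15-minute TTL are assumptions chosen for the example.

```python
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Dict, Optional

# Assumed configuration for the example. The base URL is a fixed setting,
# never derived from the incoming request's Host header.
RESET_BASE_URL = "https://app.example/reset?token="
TOKEN_TTL_SECONDS = 15 * 60


@dataclass
class ResetRecord:
    user_id: str
    verifier_hash: str   # sha256 of the verifier; a leaked table yields no usable links
    expires_at: float
    used: bool = False


class PasswordResetService:
    """Minimal reset-link issuer/consumer with in-memory storage (constructed for the example)."""

    def __init__(self, users_by_email: Dict[str, str], now: Callable[[], float] = time.time):
        self._users = {k.lower(): v for k, v in users_by_email.items()}  # email -> user_id
        self._records: Dict[str, ResetRecord] = {}                       # selector -> record
        self._now = now

    @staticmethod
    def _hash(value: str) -> str:
        return hashlib.sha256(value.encode("utf-8")).hexdigest()

    def request_reset(self, email: str) -> Optional[str]:
        """Return the reset link to e-mail, or None when no account matches.

        The HTTP layer must answer with the same neutral message in both cases,
        so the response (and its timing) does not confirm that an account exists.
        """
        user_id = self._users.get(email.strip().lower())
        if user_id is None:
            return None
        # Only the newest link for a user may work: retire anything outstanding.
        for rec in self._records.values():
            if rec.user_id == user_id:
                rec.used = True
        selector = secrets.token_urlsafe(12)   # public lookup key, not secret
        verifier = secrets.token_urlsafe(32)   # 256-bit secret, sent only in the link
        self._records[selector] = ResetRecord(
            user_id=user_id,
            verifier_hash=self._hash(verifier),
            expires_at=self._now() + TOKEN_TTL_SECONDS,
        )
        # token_urlsafe never emits '.', so the separator is unambiguous.
        return f"{RESET_BASE_URL}{selector}.{verifier}"

    def consume(self, token: str) -> Optional[str]:
        """Validate a presented token and burn it. Returns the user_id or None."""
        selector, sep, verifier = token.partition(".")
        if not sep or not selector or not verifier:
            return None
        rec = self._records.get(selector)
        if rec is None or rec.used or self._now() > rec.expires_at:
            return None
        # Constant-time comparison of hashes, so the verifier check cannot be timed.
        if not hmac.compare_digest(self._hash(verifier), rec.verifier_hash):
            return None
        rec.used = True            # single use, even if the password change fails later
        return rec.user_id


def token_from_link(link: str) -> str:
    """Helper for the example: extract the token query value from a reset link."""
    return link.rsplit("token=", 1)[1]


if __name__ == "__main__":
    svc = PasswordResetService({"alice@example.com": "u1"})
    link = svc.request_reset("alice@example.com")
    print("link:", link)
    print("first use ->", svc.consume(token_from_link(link)))
    print("second use ->", svc.consume(token_from_link(link)))
```

The password-change endpoint that receives a valid `user_id` from `consume()` should also invalidate active sessions and any remaining reset records for that user, and should rate-limit `request_reset` per address and per source, since the service above deliberately does neither.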