Posts

Showing posts from June, 2025

Authentication Bypass via Email Domain Suffix Manipulation

Introduction

Authentication is the process of verifying the identity of a user, system, or entity to ensure they are who they claim to be before granting access to resources. This process involves presenting credentials, like usernames and passwords, and validating them against a trusted source. Authentication is a crucial security measure, helping to protect systems, data, networks, and applications from unauthorized access and potential attacks. However, there are multiple ways authentication can be bypassed. Sometimes it can be due to SQL injection, SSRF, IDOR, default login credentials, or access control bugs, and even blind XSS can help to bypass authentication.

Vulnerability Discovery

In this write-up, I will explain how I found this bug in detail. A few months ago, I found an interesting internal application via recon. Initially, I left that domain because there was a strict login enforced via the front-end, and I did not see much to test. I tried a few things like default cre...