LensKart Projects

We found 2 bugs in this portal: password reset link and session expiry.

Project Type: Web Application Security
Client: Lenskart
Project Description:

Project 1

In this project, I identified a security issue in the password reset process of an e-commerce website. The problem was that old password reset links remained active even after a new password was set, posing a risk for unauthorized access.

I ran tests, recorded the problem, and presented fixes, such as making old reset links expire immediately and ensuring each link is only good for a single use. This helped build my skills in security testing, bug identification, and the presentation of solutions to protect user accounts.

Skills Demonstrated: Security Testing, QA, Vulnerability Analysis

Project 2

Session Invalidation Vulnerability After Password Change

Overview:

Security flaw on an e-commerce website platform: In this project, I found a security flaw where user sessions remained active long after a password change. That is, users who changed their passwords could still be logged in with old session cookies, creating a risk of unauthorized access.

I tested and confirmed this vulnerability, highlighting that the old session should automatically expire after a password change to protect user accounts. I recommended fixes, including invalidating session cookies immediately upon password change and using secure cookie attributes like "HttpOnly," "Secure," and "SameSite" to enhance session security.

Skills Demonstrated: Security Testing, Session Management Analysis, Vulnerability Identification
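
The fixes recommended in Project 1 and Project 2, sketched together as an added example (not code from the original write-up or from the tested site): one live reset link per account, single use, and a session epoch that makes every older session stale when the password changes. The `Account` class, `RESET_TTL`, the cookie name `sid` and the `SameSite=Lax` value are assumptions made for illustration.

```python
import hashlib, hmac, secrets, time

RESET_TTL = 15 * 60  # seconds; assumed link lifetime, not a value from the page

def _digest(token):
    # Only a hash of the reset token is stored, never the token itself.
    return hashlib.sha256(token.encode()).digest()

class Account:
    """Constructed in-memory model; a real app keeps this state in its database."""
    def __init__(self, password):
        self.salt = secrets.token_bytes(16)
        self.reset = None        # (token digest, expiry) of the single live link
        self.epoch = 0           # bumped on every password change
        self.sessions = {}       # session id -> epoch at login
        self.pw_hash = self._hash(password)

    def _hash(self, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, 100_000)

    def set_password(self, new_password):
        self.pw_hash = self._hash(new_password)
        self.reset = None        # any outstanding reset link dies with the old password
        self.epoch += 1          # every session issued before this point is now stale

    def issue_reset(self, now=None):
        token = secrets.token_urlsafe(32)
        # Overwriting the slot invalidates any previously issued link.
        self.reset = (_digest(token), (now or time.time()) + RESET_TTL)
        return token

    def redeem_reset(self, token, new_password, now=None):
        if self.reset is None:
            return False
        digest, expiry = self.reset
        if not hmac.compare_digest(digest, _digest(token)) or (now or time.time()) > expiry:
            return False
        self.set_password(new_password)   # clears the slot: the link is single use
        return True

    def login(self, password):
        if not hmac.compare_digest(self.pw_hash, self._hash(password)):
            return None
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = self.epoch
        return sid

    def session_valid(self, sid):
        return sid in self.sessions and self.sessions[sid] == self.epoch

def session_cookie(sid):
    # Attributes recommended in the write-up; name and SameSite value are assumptions.
    return f"sid={sid}; Path=/; Secure; HttpOnly; SameSite=Lax"
```
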