Story of Http password reset link for $$$

Devansh chauhan
3 min readNov 26, 2023

--

In the digital age, online security is paramount, and one crucial aspect of this is the protection of user credentials. Password reset functionality is a common feature on many websites, allowing users to regain access to their accounts in the event of a forgotten password. However, when these password reset links are not sent through a secure connection, such as HTTPS, a significant vulnerability arises, putting user accounts and sensitive information at risk.

Understanding HTTPS:

HTTPS (Hypertext Transfer Protocol Secure) is an extension of HTTP that is designed to secure the transfer of data over the internet. It uses encryption protocols to ensure that the information exchanged between a user’s browser and a website’s server remains confidential and cannot be easily intercepted by malicious actors. Websites that use HTTPS have URLs starting with “https://” instead of “http://”.

The Vulnerability:

When a password reset link is sent without the protection of HTTPS, it opens the door to several potential security risks:

Imagine you created an account and somehow forgets the password , you will request for the password reset but the twist is the reset link is in http form whereas it should be in https because everyone knows the ‘s’ in the http stands for secured and if its not secured then it can be misused through MITM (man in the middle) attack.

Conclusion:

The security of user accounts and sensitive information is a top priority for online platforms. Sending password reset links through an unsecured connection exposes users to various threats, including data interception, session hijacking, and phishing attacks. Implementing HTTPS throughout a website is a fundamental step in mitigating these risks and ensuring a safer online experience for users. Website administrators must be proactive in adopting secure practices to protect their users and uphold the integrity of their platforms.

I hope you learned something new from this blog. I will write more of my findings soon so, stay tuned for my next write-up.

Thank you for reading it 😊

Linkedin : https://www.linkedin.com/in/devansh-chauhan-b36b6a1b1

--

--