
Account Takeover (ATO) via Token

MD MESBAUL ISLAM


Account Takeover (ATO) via Token Vulnerability
Identified a critical Account Takeover (ATO) vulnerability during web application and API penetration testing of a financial platform. By exploiting insecure token validation, I gained unauthorized access to user accounts without credentials.
Key Findings:
Weak token validation
Missing session/device binding
No token expiration or rotation
Impact: Unauthorized account access, financial data exposure, and fraud risk.
Outcome: Delivered a professional VAPT report with proof of concept (PoC), risk assessment, and remediation recommendations based on OWASP best practices.
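The three findings above map onto three concrete defects in how a bearer token is issued and checked. As an added illustration (not code from the audited platform or from the author's report), the following Python sketch puts a deliberately weak scheme beside a hardened one: the weak issuer returns an unsigned, never-expiring payload that carries only a user id, so a token minted for any victim is accepted as-is; the hardened issuer HMAC-signs the payload, stamps an expiry, binds it to a server-side session id and a device fingerprint, and rotates the session id on refresh. Function names (issue_weak, verify_strong, rotate_strong, tamper_uid), the randomly generated SECRET, and the use of a caller-supplied device string as the fingerprint input are assumptions of this example.

```python
"""Constructed example: a minimal bearer-token scheme showing the three
weaknesses from the findings list next to one hardened counterpart.
Not the audited platform's code."""
import base64
import hashlib
import hmac
import json
import os
import time

SECRET = os.urandom(32)  # assumed server-side signing key, generated per run


def _b64e(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


# --- Weak scheme: no signature, no session/device binding, no expiry ---
def issue_weak(user_id: int) -> str:
    # The "token" is just the user id, base64-encoded: anyone can mint one.
    return _b64e(json.dumps({"uid": user_id}).encode())


def verify_weak(token: str) -> int:
    # Decodes and trusts the payload; nothing ties it to a session or device
    # and nothing ever makes it expire.
    return json.loads(_b64d(token))["uid"]


# --- Hardened scheme: HMAC, expiry, session + device binding, rotation ---
class TokenError(Exception):
    pass


def _sign(body: str) -> str:
    return _b64e(hmac.new(SECRET, body.encode(), hashlib.sha256).digest())


def _fingerprint(device: str) -> str:
    # Assumed: the caller supplies a stable per-client string (e.g. a device id).
    return hashlib.sha256(device.encode()).hexdigest()


def issue_strong(user_id, session_id, device, ttl=900, now=None) -> str:
    now = time.time() if now is None else now
    payload = {"uid": user_id, "sid": session_id,
               "dfp": _fingerprint(device), "exp": int(now + ttl)}
    body = _b64e(json.dumps(payload, separators=(",", ":")).encode())
    return f"{body}.{_sign(body)}"


def verify_strong(token, session_id, device, active_sessions, now=None) -> int:
    now = time.time() if now is None else now
    try:
        body, sig = token.split(".")
    except ValueError:
        raise TokenError("malformed token")
    # Authenticate first, in constant time, before trusting any claim.
    if not hmac.compare_digest(sig, _sign(body)):
        raise TokenError("bad signature")
    p = json.loads(_b64d(body))
    if p["exp"] <= now:
        raise TokenError("expired")
    if p["sid"] != session_id or session_id not in active_sessions:
        raise TokenError("not bound to an active session")
    if p["dfp"] != _fingerprint(device):
        raise TokenError("device mismatch")
    return p["uid"]


def rotate_strong(token, session_id, device, active_sessions, now=None):
    """Verify, revoke the old session id, mint a fresh token under a new one."""
    uid = verify_strong(token, session_id, device, active_sessions, now)
    new_sid = _b64e(os.urandom(16))
    active_sessions.discard(session_id)  # old token is now unusable
    active_sessions.add(new_sid)
    return issue_strong(uid, new_sid, device, now=now), new_sid


def tamper_uid(token: str, new_uid: int) -> str:
    """Attacker edits the claimed user id but cannot re-sign the body."""
    body, sig = token.split(".")
    p = json.loads(_b64d(body))
    p["uid"] = new_uid
    return f"{_b64e(json.dumps(p, separators=(',', ':')).encode())}.{sig}"


def outcome(*args, **kwargs) -> str:
    """Helper that reports accept/reject as a string for demonstration."""
    try:
        return f"ok:{verify_strong(*args, **kwargs)}"
    except TokenError as exc:
        return f"rejected:{exc}"
```

The check order in verify_strong is deliberate: the HMAC is compared with hmac.compare_digest before any claim is parsed, so unauthenticated data never drives the expiry or binding logic. The weak verifier fails all three findings at once: the token has no integrity protection, nothing ties it to a session or device, and there is no exp claim to expire or rotate, which is exactly the situation in which a captured or guessed token yields a full account takeover.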

Posted Jun 27, 2026
