Ylabs2024-06-25T12:13:53+02:00
TL;DR
If you employ a Java application with a token-based password recovery mechanism, be sure that said token isn't generated using: RandomStringUtils.
Spoiler: You can crack it and predict all past and future tokens generated by the application!
Some Context
During a Penetration Test I was sifting through the internet - as one often does...
