# Cheesy Does It  (forgot\_password flaw)

Level: Easy\
Points: 10\
Type: Daily Challenge

During register/login we can see a forgot-password feature.

<figure><img src="/files/0zrsHHwfsqpounoaGKiU" alt=""><figcaption></figcaption></figure>

Forgot-password takes only one argument, `username`, and we can pass any username here.

<figure><img src="/files/zDniFUbOQvsXsxebEJz6" alt=""><figcaption></figcaption></figure>

Once a username is passed, an OTP is sent to the account's email address. The UI does not accept a value longer than 4 digits.\
This means we can try to brute-force the OTP.

<figure><img src="/files/0eFfD2HYCVdVAxIt6WgE" alt=""><figcaption></figcaption></figure>

There is no rate limiting, so we can successfully brute-force the OTP.\
After a successful OTP brute-force, we get the reset\_token.

<figure><img src="/files/RuNYWMuok2xqkAqOdgLL" alt=""><figcaption></figcaption></figure>

From the JS file, we can get an idea of how to use the reset\_token to change the password.

POST request to `/api/verify-token` with values of

* `username`
* `reset_token`
* `new_password`

<figure><img src="/files/hmkYJSDAraBlgCpo1jSZ" alt=""><figcaption></figcaption></figure>

Password successfully changed.

Now we can log in as admin and get the flag.

<figure><img src="/files/PMbnj1JjN9v5WXixPQdL" alt=""><figcaption></figcaption></figure>
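Seen from the defending side, the flaw above is an OTP check that never counts failures. A sketch of a verifier that does, as an added example that is not the challenge application's code; `ResetOtpStore`, `MAX_ATTEMPTS`, `OTP_TTL_SECONDS` and the 6-digit OTP length are assumptions chosen for illustration:

```python
import hashlib
import hmac
import secrets
import time

MAX_ATTEMPTS = 5       # assumed policy: wrong guesses allowed per issued OTP
OTP_TTL_SECONDS = 300  # assumed policy: OTP lifetime
OTP_DIGITS = 6         # assumed: longer than the 4 digits seen in the challenge


class ResetOtpStore:
    """In-memory store of pending password-reset OTPs (hypothetical helper)."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._pending = {}  # username -> {"digest", "expires", "failures"}

    @staticmethod
    def _digest(otp):
        # Hashing gives compare_digest equal-length bytes for any user input.
        return hashlib.sha256(otp.encode("utf-8")).digest()

    def issue(self, username):
        """Create a fresh OTP, replacing any previous one for this user."""
        otp = f"{secrets.randbelow(10 ** OTP_DIGITS):0{OTP_DIGITS}d}"
        self._pending[username] = {
            "digest": self._digest(otp),
            "expires": self._clock() + OTP_TTL_SECONDS,
            "failures": 0,
        }
        return otp  # delivered out of band (email), never in the HTTP response

    def verify(self, username, otp):
        """Return a reset token on success, None on any failure."""
        entry = self._pending.get(username)
        if entry is None:
            return None
        if self._clock() >= entry["expires"]:
            del self._pending[username]
            return None
        if hmac.compare_digest(entry["digest"], self._digest(otp)):
            del self._pending[username]  # single use
            return secrets.token_urlsafe(32)
        entry["failures"] += 1
        if entry["failures"] >= MAX_ATTEMPTS:
            del self._pending[username]  # burn the OTP; a new one is required
        return None
```

OTP issuance needs its own per-account rate limit as well, otherwise every newly requested OTP grants another `MAX_ATTEMPTS` guesses.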

