This incident, which I am going to share with you, dates back to when I first started learning what testing was... Maybe you too will find this interesting. I used to work as a freelancer, and I was given a website to test. As I was starting out as a tester, I was really excited. There was no documentation, so I was actually doing ET (I didn't know that was exploratory testing at that point :))
It was then that I found this out. The bug was pretty funny but a very serious security flaw.
The ‘Forgot password’ section:
As you all know, the forgot password section is of great use on any website, but if it is not properly validated it can be a very serious security issue.
The system sends the password to any given email ID without validating whether the given ID is mapped to the corresponding user name in the system database.
I was just negative testing it, but the password was actually sent to the email address. This was a real security flaw. A big one.
That was one bug that changed my whole concept of testing.
I think this is going to help you guys too, because I still find websites (being tested) with similar issues. It's a wolf in sheep's disguise, guys.
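The flaw described in the 'Forgot password' section above, next to a corrected handler, as an added example that is not code from the website in the post. The user store, function names and mail stub are hypothetical, and the fixed version goes one step beyond the post by mailing a one-time reset token instead of the password.

```python
import hmac
import secrets

# Constructed sample user store (hypothetical; stands in for the site's database).
USERS = {"alice": {"email": "alice@example.com", "password": "s3cret-pw"}}

OUTBOX = []        # (recipient, body) pairs recorded instead of real mail delivery
RESET_TOKENS = {}  # token -> username


def send_mail(recipient, body):
    OUTBOX.append((recipient, body))


def forgot_password_vulnerable(username, email):
    """Behaviour described in the post: no check that email belongs to username."""
    user = USERS.get(username)
    if user is None:
        return "unknown user"
    # Flaw: the recipient is whatever address the requester typed in.
    send_mail(email, "Your password is: " + user["password"])
    return "sent"


def forgot_password_fixed(username, email):
    """Mail only the address on record, and only if the supplied one matches it."""
    user = USERS.get(username)
    on_record = user["email"] if user else ""
    # Constant-time comparison of the normalised addresses.
    matches = hmac.compare_digest(
        email.strip().lower().encode(), on_record.lower().encode()
    )
    if user is not None and matches:
        token = secrets.token_urlsafe(32)
        RESET_TOKENS[token] = username
        # Send a one-time reset token, never the stored password.
        send_mail(on_record, "Password reset token: " + token)
    # Same reply either way, so the form does not reveal which pairs are valid.
    return "If the details match an account, a reset email has been sent."
```

A negative test for this feature then has a clear pass condition: a user name paired with an address that is not on record must produce no outgoing mail.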