Adult beauty APP: any user's password can be reset; the verification code needs to be strengthened
Any user's password in the adult beauty APP can be reset.
The password reset is protected only by a four-digit verification code, and no other verification is performed. I found several registered mobile phone numbers and tested them.
Incorrect verification code:
{"RetCode": "1062", "errorInfo": "Incorrect verification code. Enter", "currentApiCode": "106", "loginName": null, "name": null, "sessionToken": null}
Correct verification code:
{"RetCode": "0000", "errorInfo": "", "currentApiCode": "106", "loginName": "132 xxxxxxxx", "name ": "8RWo7QII47", "sessionToken": "4e945202-142f-00006-8413-222489b18ded "}
When the verification code is correct, the user name is returned. When the verification code is cracked, you can quickly search for it based on the returned value.
Solution:
Enhance the complexity of the verification code.
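One way to implement this fix on the server side, as an added example that is not the app's code. It goes beyond code length alone: the class name, the 8-digit length, the 5-minute lifetime and the 5-attempt budget are assumptions chosen for illustration.

```python
import hmac
import secrets
import time

CODE_DIGITS = 8         # assumption: longer than the four digits in the report
CODE_TTL_SECONDS = 300  # assumption: code expires after five minutes
MAX_ATTEMPTS = 5        # assumption: wrong guesses allowed per issued code


class ResetCodeStore:
    """In-memory store keyed by login name (hypothetical; a real service
    would keep this state in a shared server-side store)."""

    def __init__(self, now=time.monotonic):
        self._now = now
        self._pending = {}  # login -> [code, expires_at, attempts_left]

    def issue(self, login):
        # Draw from a CSPRNG and zero-pad so every code has full length.
        code = f"{secrets.randbelow(10 ** CODE_DIGITS):0{CODE_DIGITS}d}"
        self._pending[login] = [code, self._now() + CODE_TTL_SECONDS, MAX_ATTEMPTS]
        return code  # sent out of band (SMS), never echoed in an API response

    def verify(self, login, submitted):
        entry = self._pending.get(login)
        if entry is None:
            return False
        code, expires_at, _ = entry
        if self._now() >= expires_at:
            del self._pending[login]
            return False
        entry[2] -= 1  # every attempt, right or wrong, spends budget
        if hmac.compare_digest(code.encode(), str(submitted).encode()):
            del self._pending[login]  # single use
            return True
        if entry[2] <= 0:
            del self._pending[login]  # budget spent: a new code is required
        return False
```

Requests for a new code should themselves be rate-limited per account, otherwise the attempt budget can be refreshed by asking for another code.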