This issue was found on https://www.starbuckscardb2b.com. This website belongs to Starbucks, and this is a critical vulnerability, so I am reporting it.
Issue:
An attacker can take over the account of a victim by creating a new account using the victim's (already registered) email address.
Steps to reproduce are as follows:
1. The victim registers an account with the email address [email protected] and the password 12345678.
2. The attacker registers a new account with the same email address [email protected], with a different password.
3. The password of the existing [email protected] user will be set to the password used by the attacker.
An attacker can take over the control of any/all registered users.
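The behaviour described above is the classic "registration upserts by email" bug: the sign-up handler writes the new credential under the submitted email without first checking whether that email already has an account. The following is an added illustration, not code from the reported site or from Starbucks; the in-memory user store, the placeholder address victim@example.com (standing in for the redacted address) and the attacker password are constructed for the demonstration. It shows the vulnerable handler beside a hardened one and replays the three reproduction steps against each.

```python
import hashlib
import hmac
import os

# Constructed in-memory user store for the demonstration: email -> (salt, password hash).
USERS = {}


def _hash_password(password, salt):
    # PBKDF2-HMAC-SHA256; the hashing scheme is not the point, the overwrite is.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def register_vulnerable(email, password):
    """Vulnerable pattern: registration blindly upserts the record keyed by email.

    A second registration with an already-registered email silently replaces the
    victim's credential with the attacker's, which is exactly the takeover reported.
    """
    salt = os.urandom(16)
    USERS[email.lower()] = (salt, _hash_password(password, salt))
    return True


def register_fixed(email, password):
    """Hardened pattern: never overwrite an existing account during registration.

    Returns False when the email is already taken. A real deployment should also
    enforce this with a unique constraint on the email column so that two
    concurrent registrations cannot race past this check.
    """
    key = email.lower()
    if key in USERS:
        return False
    salt = os.urandom(16)
    USERS[key] = (salt, _hash_password(password, salt))
    return True


def login(email, password):
    """Return True only if the submitted password matches the stored hash."""
    record = USERS.get(email.lower())
    if record is None:
        return False
    salt, stored = record
    return hmac.compare_digest(stored, _hash_password(password, salt))


def demo(register):
    """Replay the report's steps against a registration handler.

    Returns which password now logs the victim's account in.
    """
    USERS.clear()
    victim_email = "victim@example.com"  # placeholder for the redacted address in the report
    register(victim_email, "12345678")  # step 1: victim registers
    attacker_accepted = register(victim_email, "attacker-pass")  # step 2: attacker re-registers
    return {  # step 3: who can log in now?
        "attacker_registration_accepted": attacker_accepted,
        "victim_password_still_works": login(victim_email, "12345678"),
        "attacker_password_works": login(victim_email, "attacker-pass"),
    }


if __name__ == "__main__":
    print("vulnerable:", demo(register_vulnerable))
    print("fixed:     ", demo(register_fixed))
```

With register_vulnerable the attacker's password works and the victim's no longer does; with register_fixed the second registration is refused and the victim is unaffected. When refusing, respond with the same generic "check your inbox" message as for a fresh sign-up and email the existing address instead, so the endpoint does not become an account-enumeration oracle.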