
Vulnerability in Password Reset Feature Allows Token Forgery
Tags: Security, Vulnerability, Password Reset, Token Forgery, MD5, API, Exploitation, Remediation, Cryptography
The password reset feature in the affected application generates reset tokens as MD5(email + timestamp), and the same timestamp is returned to the caller in the API response as the requestedAt field. Because the token is a deterministic function of two values the attacker already knows or can obtain (the victim's email address and the leaked timestamp), an attacker can forge a valid reset token for any user account. Exploitation is straightforward: work out the token algorithm, request a password reset for the target user, read requestedAt from the response, compute MD5(targetEmail + requestedAt) locally, and submit that token to the reset endpoint with a new password. Note that the leak makes the attack trivial but is not the root cause; a one-second timestamp is guessable from a small window even without it, and MD5 offers no secrecy when its inputs are known. The core vulnerability is the token generation logic itself: a deterministic, unkeyed hash over predictable inputs. The remediation is to generate reset tokens from a cryptographically secure random source (for example 32 bytes from the operating system CSPRNG), store only a hash of the token with a short expiry and single-use semantics, compare presented tokens in constant time, and remove the requestedAt field from the API response.
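The following is an added example, not code from the page or from the affected application. It models the vulnerable design beside a hardened one: the weak token and the leaky endpoint as described above, the attacker's forgery from the leaked requestedAt, and, going one step beyond the page, a brute-force of the timestamp window for the case where the field is not leaked. The email address, timestamps, the in-memory "database", the endpoint oracle and the ResetService class are all hypothetical constructions for illustration.

```python
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Optional

# Constructed sample data; the user and timestamps below are hypothetical.
VICTIM_EMAIL = "victim@example.com"


# --- Vulnerable design described on the page --------------------------------

VULN_DB: dict = {}  # email -> current reset token (stand-in for the app's table)


def weak_token(email: str, requested_at: int) -> str:
    """MD5(email + timestamp): deterministic, and both inputs are attacker-known."""
    return hashlib.md5(f"{email}{requested_at}".encode()).hexdigest()


def vulnerable_request_reset(email: str, now: Optional[int] = None) -> dict:
    """Models the leaky endpoint: it echoes requestedAt, the only non-public input."""
    requested_at = int(time.time()) if now is None else now
    VULN_DB[email] = weak_token(email, requested_at)
    return {"status": "sent", "requestedAt": requested_at}


def forge_token(email: str, leaked_response: dict) -> str:
    """Attacker step: recompute the victim's token from the leaked timestamp."""
    return weak_token(email, leaked_response["requestedAt"])


def brute_force_token(email: str, accepts: Callable[[str], bool],
                      start: int, width: int) -> Optional[str]:
    """Without the leak a one-second timestamp is still guessable: try every
    second in a window against the reset endpoint (modelled by `accepts`)."""
    for ts in range(start, start + width):
        candidate = weak_token(email, ts)
        if accepts(candidate):
            return candidate
    return None


# --- Hardened design --------------------------------------------------------

def _sha256(s: str) -> str:
    return hashlib.sha256(s.encode()).hexdigest()


@dataclass
class ResetRecord:
    token_hash: str   # only the hash is stored, so a DB read does not yield tokens
    expires_at: int
    used: bool = False


class ResetService:
    TTL_SECONDS = 15 * 60

    def __init__(self) -> None:
        self._records: dict[str, ResetRecord] = {}

    def request_reset(self, email: str, now: Optional[int] = None) -> tuple:
        """Returns (token, api_response). The token is delivered out of band
        (e-mail); the API response carries no timestamp or other token input."""
        now = int(time.time()) if now is None else now
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._records[email] = ResetRecord(_sha256(token), now + self.TTL_SECONDS)
        return token, {"status": "sent"}

    def redeem(self, email: str, token: str, now: Optional[int] = None) -> bool:
        """Single-use, time-limited, constant-time check of the presented token."""
        now = int(time.time()) if now is None else now
        rec = self._records.get(email)
        if rec is None or rec.used or now > rec.expires_at:
            return False
        if not hmac.compare_digest(rec.token_hash, _sha256(token)):
            return False
        rec.used = True
        return True


if __name__ == "__main__":
    leaked = vulnerable_request_reset(VICTIM_EMAIL, now=1700000000)
    print("forged == stored:", forge_token(VICTIM_EMAIL, leaked) == VULN_DB[VICTIM_EMAIL])
    svc = ResetService()
    tok, resp = svc.request_reset(VICTIM_EMAIL, now=1700000000)
    print("response:", resp, "redeem:", svc.redeem(VICTIM_EMAIL, tok, now=1700000060))
```

The hardened version fixes the root cause rather than only the leak: the token has no relationship to any value the client can see or guess, so removing requestedAt from the response becomes a defence in depth rather than the whole fix. Storing only the SHA-256 of the token means a read-only database compromise does not hand out live reset tokens, and `hmac.compare_digest` avoids a timing side channel on the comparison.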