Password Reset Token Exposed in Redirect URL — GLOBE.gov (Sensitive Token in URL, P4)

Disclosed by
Ninadgowda
Summary by National Aeronautics and Space Administration (NASA) - Vulnerability Disclosure Program

There is no established/validated exploit method

Summary by Ninadgowda

When requesting a password reset on globe.gov, the reset link delivered via email includes sensitive parameters (ticketId and ticketKey) directly inside the URL.
Additionally, the link is wrapped inside a Google redirect (www.google.com/url?q=), causing:

✅ Exposure to a third-party domain (Google)
✅ Logging in browser history, network logs, proxies, referrer headers
✅ Potential retrieval by any script or plugin reading visited URLs

Activity