Tags: websec 

###### The Solution:
1. First, I opened the challenge page.
2. Then I set the browser's proxy to redirect its requests to the BurpSuite application.
3. On submitting the values on the challenge page, I intercepted the following request via BurpSuite. I removed the “oldpassword” parameter from the request body, so the new request to be forwarded to the challenge page looked like this:

[Modified Request](https://i.ibb.co/rk1LB1w/Screenshot-from-2019-11-02-11-14-05-Copy.png)

4. Then, on forwarding the customized request via BurpSuite, I got the following success message:

[Bypassed the Reset Mechanism](https://i.ibb.co/DrQNfKz/Screenshot-2019-11-2-Super-Admin.png)
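
The server-side flaw that would produce this behaviour, next to a hardened check, as an added example that is not part of the original write-up or the challenge's own code. The challenge's handler is not shown on the page, so both handlers, the `newpassword` field name and the sample passwords are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os


def hash_pw(password: str, salt: bytes) -> bytes:
    # Salted PBKDF2 so stored credentials are never compared as plaintext.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def make_user(password: str) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "hash": hash_pw(password, salt)}


def matches(user: dict, candidate: str) -> bool:
    # Constant-time comparison of the derived hashes.
    return hmac.compare_digest(user["hash"], hash_pw(candidate, user["salt"]))


def reset_vulnerable(user: dict, form: dict) -> bool:
    # Hypothetical flawed handler: the old password is verified only when
    # the parameter is present, so omitting "oldpassword" skips the check.
    old = form.get("oldpassword")
    if old is not None and not matches(user, old):
        return False
    user["hash"] = hash_pw(form["newpassword"], user["salt"])
    return True


def reset_hardened(user: dict, form: dict) -> bool:
    # Both fields are mandatory: a missing, empty or non-string value is
    # rejected before any comparison, so absence can never mean "valid".
    old = form.get("oldpassword")
    new = form.get("newpassword")
    if not isinstance(old, str) or not isinstance(new, str) or not old or not new:
        return False
    if not matches(user, old):
        return False
    user["hash"] = hash_pw(new, user["salt"])
    return True
```
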