Bypass change password policy in tsolucio/corebos

Valid

Reported on Apr 24th 2023


Description

I tested your demo site and discovered a vulnerability that could bypass password length and password complexity validation in your account's password change function.

Proof of Concept

Link to video PoC:

https://drive.google.com/file/d/1r2TAeFdLA_eEREUccDoE86Yacavv79VR/view?usp=sharing

Impact

  1. Potential information security risks
  2. Potential system security risks
  3. Impact on reputation
  4. Consumes time and resources

We are processing your report and will contact the tsolucio/corebos team within 24 hours. (5 months ago)
We have contacted a member of the tsolucio/corebos team and are waiting to hear back. (5 months ago)
H4ck3r Kh0ỏng
5 months ago

Researcher


Hello, is there any new update?

H4ck3r Kh0ỏng modified the report 5 months ago
Joe Bordes validated this vulnerability 4 months ago
H4ck3r Kh0ỏng has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
Joe Bordes marked this as fixed in 8 with commit e3dabd 4 months ago
Joe Bordes has been awarded the fix bounty
This vulnerability has been assigned a CVE
Joe Bordes published this vulnerability 4 months ago