Cleartext Transmission of Sensitive Information in khodakhah/nodcms

Valid

Reported on

Sep 15th 2021

Description

Clear Text submission of password through unencrypted channel

Proof of Concept

POST /en/login HTTP/1.1
Host: demo.nodcms.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 27
Origin: http://demo.nodcms.com
Connection: close
Referer: http://demo.nodcms.com/en/login
Cookie: d37845a855345e0a2ddea86bc736b578=0399e44932; ci_session=8d75c3fd76d549abb973d063b9913d9b6a8cbfeb

username=demo&password=demo

Impact

Vulnerabilities that result in the disclosure of users' passwords can result in compromises that are extremely difficult to investigate due to obscured audit trails. Even if the application itself only handles non-sensitive information, exposing passwords puts users who have re-used their password elsewhere at risk.

References

https://portswigger.net/kb/issues/00300100_cleartext-submission-of-password

We have contacted a member of the khodakhah/nodcms team and are waiting to hear back 2 years ago

khodakhah validated this vulnerability 2 years ago

0xdhinu has been awarded the disclosure bounty

The fix bounty is now up for grabs

khodakhah marked this as fixed with commit 18d8aa 2 years ago

The fix bounty has been dropped

This vulnerability will not receive a CVE

to join this conversation