Cleartext Transmission of Sensitive Information in khodakhah/nodcms

Valid

Reported on Sep 15th 2021

Description

The login form submits the user's password in clear text over an unencrypted (HTTP) channel.

Proof of Concept

POST /en/login HTTP/1.1
Host: demo.nodcms.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 27
Origin: http://demo.nodcms.com
Connection: close
Referer: http://demo.nodcms.com/en/login
Cookie: d37845a855345e0a2ddea86bc736b578=0399e44932; ci_session=8d75c3fd76d549abb973d063b9913d9b6a8cbfeb

username=demo&password=demo

Impact

Vulnerabilities that result in the disclosure of users' passwords can result in compromises that are extremely difficult to investigate due to obscured audit trails. Even if the application itself only handles non-sensitive information, exposing passwords puts users who have re-used their password elsewhere at risk.
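A defender can look for the same condition in captured traffic, such as proxy or test-harness logs. The following is an added example, not code from the report or from nodcms: it parses a raw request like the one in the proof of concept and reports credential fields posted from an `http://` origin. The field-name list, the `cms.example.test` host and the use of `Origin`/`Referer` to infer the scheme are assumptions of this sketch.

```python
from urllib.parse import parse_qsl, urlsplit

# Field names treated as credentials (assumed list, extend for your app).
SENSITIVE_FIELDS = {"password", "passwd", "pwd", "pass", "token", "secret"}

def parse_request(raw: str):
    """Split a raw HTTP/1.x request into (method, path, headers, body)."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    lines = head.split("\n")
    method, path, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, path, headers, body.strip()

def cleartext_credential_findings(raw: str):
    """Return sorted sensitive field names posted from an http:// origin."""
    method, _path, headers, body = parse_request(raw)
    # The request line carries no scheme, so infer it from Origin, then Referer.
    source = headers.get("origin") or headers.get("referer") or ""
    if urlsplit(source).scheme.lower() != "http":
        return []
    ctype = headers.get("content-type", "").split(";")[0].strip().lower()
    if method.upper() != "POST" or ctype != "application/x-www-form-urlencoded":
        return []
    fields = {k.lower() for k, _ in parse_qsl(body, keep_blank_values=True)}
    return sorted(fields & SENSITIVE_FIELDS)

# Constructed samples modelled on the request in the proof of concept.
HTTP_LOGIN = (
    "POST /en/login HTTP/1.1\n"
    "Host: cms.example.test\n"
    "Content-Type: application/x-www-form-urlencoded; charset=UTF-8\n"
    "Origin: http://cms.example.test\n"
    "Referer: http://cms.example.test/en/login\n"
    "\n"
    "username=demo&password=demo\n"
)
HTTPS_LOGIN = HTTP_LOGIN.replace("http://", "https://")

if __name__ == "__main__":
    for name, req in (("http", HTTP_LOGIN), ("https", HTTPS_LOGIN)):
        print(name, cleartext_credential_findings(req))
```
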

We have contacted a member of the khodakhah/nodcms team and are waiting to hear back (a year ago)
khodakhah validated this vulnerability (a year ago)
0xdhinu has been awarded the disclosure bounty
The fix bounty is now up for grabs
khodakhah confirmed that a fix has been merged on 18d8aa (a year ago)
The fix bounty has been dropped