node-login

vulnerability business logic errors
severity 3.1
language javascript
registry other

Description

node-login is a template for quickly building login systems on top of Node.js & MongoDB. The business logic which updates account details fails to verify if the provied email is associated with another account.

Proof of Concept

  1. Navigate to /signup and Create two accounts with data like below
    • Account 1 - username: victim, email: victim@test.com
    • Account 2 - username: hacker, email: hacker@test.com
  2. Account creation functionality does not allows to create user with existing email. poc1
  3. Login to the hacker account
  4. In the account update section, change the email field with victim email and submit the form. poc2
  5. Now both accounts are associated with victim's email.
  6. Check MongoDB backend for confirmation poc2