Authentication Bypass by Primary Weakness in kestasjk/webdiplomacy

Valid

Reported on

Jul 23rd 2021


✍️ Description

As with the weak cryptographic tokens described in the earlier report, the same kind of weak token is also sent to users who have forgotten their password.

Because the token space is small, an attacker can brute-force the token and take over user accounts.

🕵️‍♂️ Proof of Concept

http://webdiplomacy.net/logon.php?emailToken=fa0a5%7Camg2027amg%40gmail.com&forgotPassword=3

The emailToken parameter is the token (here five hex characters, `fa0a5`) followed by `|` and the account's email address. An attacker can enumerate the token without being hindered by any captcha.
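To make the size of the problem concrete, here is an added Python example; it is not webDiplomacy's code and not part of the original report. It parses an emailToken of the shape shown above, computes how many candidates a five-hex-character token leaves an attacker, brute-forces a simulated verifier that accepts tokens of that shape, and contrasts it with a hardened reset flow that uses a 256-bit random single-use token, an expiry, a per-address attempt limit and a constant-time comparison. The two server classes, the `example.invalid` addresses and the assumption that the token is lowercase hex are all constructed for illustration.

```python
import hmac
import secrets
import time
from urllib.parse import parse_qs, urlparse

# Constructed URL with the same shape as the one in the report (made-up token and address).
POC_URL = ("http://example.invalid/logon.php"
           "?emailToken=fa0a5%7Cuser%40example.invalid&forgotPassword=3")


def parse_email_token(url):
    """Return (token, email) from the emailToken query parameter."""
    qs = parse_qs(urlparse(url).query)
    token, email = qs["emailToken"][0].split("|", 1)
    return token, email


def keyspace(token):
    """Candidates an attacker must try, assuming the token is lowercase hex (assumption)."""
    return 16 ** len(token)


def brute_force(email, oracle, width):
    """Try every hex token of the given width against an accept/reject oracle.

    Returns (token, attempts) on success or (None, attempts) if the space is exhausted.
    """
    for i in range(16 ** width):
        cand = format(i, f"0{width}x")
        if oracle(f"{cand}|{email}"):
            return cand, i + 1
    return None, 16 ** width


class WeakResetServer:
    """Simulated 'before' state: short fixed token, no expiry, no attempt limit.

    Illustrative only; this is not how webDiplomacy generates its tokens.
    """

    def __init__(self, email, token):
        self._tokens = {email: token}

    def verify(self, email_token):
        token, email = email_token.split("|", 1)
        return self._tokens.get(email) == token


class HardenedResetServer:
    """Simulated 'after' state: 256-bit random single-use token with expiry and lockout."""

    TTL_SECONDS = 15 * 60
    MAX_ATTEMPTS = 5

    def __init__(self, now=time.time):
        self._now = now        # injectable clock so expiry can be exercised offline
        self._pending = {}     # email -> [token, issued_at, failed_attempts]

    def issue(self, email):
        token = secrets.token_urlsafe(32)   # 256 bits of CSPRNG output; alphabet has no '|'
        self._pending[email] = [token, self._now(), 0]
        return f"{token}|{email}"

    def verify(self, email_token):
        token, email = email_token.split("|", 1)
        rec = self._pending.get(email)
        if rec is None:
            return False
        stored, issued_at, attempts = rec
        if attempts >= self.MAX_ATTEMPTS or self._now() - issued_at > self.TTL_SECONDS:
            del self._pending[email]      # locked out or expired: force a fresh request
            return False
        if hmac.compare_digest(stored.encode(), token.encode()):
            del self._pending[email]      # single use
            return True
        rec[2] += 1
        return False


if __name__ == "__main__":
    token, email = parse_email_token(POC_URL)
    print(f"token={token!r} email={email!r} keyspace={keyspace(token):,}")
    weak = WeakResetServer("victim@example.invalid", "00c3f")
    print("weak server brute-forced:", brute_force("victim@example.invalid", weak.verify, 5))
```

The weak server falls to an exhaustive search of at most 16^5 = 1,048,576 requests, which is the figure the maintainer's comment below alludes to. The hardened server makes the search pointless on three independent axes: the token is unguessable, it stops being valid after a short window, and repeated failures invalidate it so the attacker must trigger a new reset email for every handful of guesses.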

💥 Impact

This vulnerability allows an attacker to take control of the account of any user whose email address the attacker already knows.

Occurrences

We have contacted a member of the kestasjk/webdiplomacy team and are waiting to hear back (a year ago)
Kestas "Chris" Kuliukas validated this vulnerability (a year ago)
amammad has been awarded the disclosure bounty
The fix bounty is now up for grabs

Kestas (Maintainer), a year ago:
This is the one I meant to mark as valid. It's just plausible that someone might make a million requests to try and get into someone's account, so sure, I'll add a timestamp.

Kestas "Chris" Kuliukas marked this as fixed with commit 6911bb a year ago
Kestas "Chris" Kuliukas has been awarded the fix bounty
This vulnerability will not receive a CVE