Authentication Bypass by Primary Weakness in kestasjk/webdiplomacy

Valid

Reported on

Jul 23rd 2021


✍️ Description

As explained in the previous report on weak cryptographic tokens, the same weak token is also sent to users who have forgotten their password.

Here an attacker can brute-force the token to take control of user accounts.

🕵️‍♂️ Proof of Concept

http://webdiplomacy.net/logon.php?emailToken=fa0a5%7Camg2027amg%40gmail.com&forgotPassword=3

In this example the emailToken value is a five-character hexadecimal string (fa0a5) followed by the target's e-mail address, so an attacker who knows the address has at most 16^5 = 1,048,576 candidates to try, and no CAPTCHA stands in the way of sending them.

💥 Impact

This vulnerability allows an attacker to take control of the account of any user whose e-mail address the attacker already knows.
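As an added example (not code from this report or from the webDiplomacy project), the Python below shows why the token in the PoC link is guessable and what a hardened forgot-password token flow looks like. It parses the token and e-mail out of the PoC URL, computes the keyspace of a five-hex-character token (the `<5 hex>|<email>` layout is an assumption drawn from that single URL, and the request rate is a constructed figure), and then implements a hypothetical `ResetTokenStore` that issues a 256-bit CSPRNG token, stores only its digest, expires it, accepts it once, compares it in constant time and locks the account after a few failed guesses. All names are illustrative.

```python
import hashlib
import hmac
import secrets
import time
from urllib.parse import parse_qs, urlsplit

# Constructed from the PoC URL quoted in this report. The "<5 hex chars>|<email>"
# layout is an assumption drawn from that single sample, not from webDiplomacy's source.
POC_URL = ("http://webdiplomacy.net/logon.php"
           "?emailToken=fa0a5%7Camg2027amg%40gmail.com&forgotPassword=3")


def parse_email_token(url):
    """Return (token, email) from the emailToken parameter of a logon URL like the PoC."""
    query = parse_qs(urlsplit(url).query)          # parse_qs already percent-decodes
    token, email = query["emailToken"][0].split("|", 1)
    return token, email


def keyspace_size(token):
    """Candidate values for a token of this length, assuming the hex alphabet seen in the PoC."""
    if not all(c in "0123456789abcdef" for c in token.lower()):
        raise ValueError("token is not hexadecimal; keyspace assumption does not hold")
    return 16 ** len(token)


def seconds_to_exhaust(token, requests_per_second):
    """Worst-case wall-clock time to try every candidate at a given request rate."""
    return keyspace_size(token) / requests_per_second


class ResetTokenStore:
    """Hardened forgot-password flow (hypothetical; not webDiplomacy's implementation).

    Tokens are 256-bit CSPRNG output (not derived from user data), stored only as a
    SHA-256 digest, time-limited, single-use and compared in constant time; each
    account locks after a few failed redemptions so a try-every-value attack cannot run.
    """

    TTL_SECONDS = 15 * 60
    MAX_FAILURES = 5

    def __init__(self, clock=time.time):
        self._clock = clock          # injectable so expiry can be exercised in tests
        self._records = {}           # email -> {"digest", "expires", "failures"}

    def issue(self, email):
        token = secrets.token_urlsafe(32)
        self._records[email] = {
            "digest": hashlib.sha256(token.encode()).digest(),
            "expires": self._clock() + self.TTL_SECONDS,
            "failures": 0,
        }
        return token                 # goes only into the e-mail link; never logged

    def redeem(self, email, token):
        rec = self._records.get(email)
        if rec is None:
            return False
        if self._clock() > rec["expires"] or rec["failures"] >= self.MAX_FAILURES:
            del self._records[email]  # expired or locked: force a fresh reset request
            return False
        presented = hashlib.sha256(token.encode()).digest()
        if hmac.compare_digest(presented, rec["digest"]):
            del self._records[email]  # single use
            return True
        rec["failures"] += 1
        return False


if __name__ == "__main__":
    token, email = parse_email_token(POC_URL)
    print(f"token={token!r} email={email!r} keyspace={keyspace_size(token):,}")
    print(f"at 1000 req/s the whole keyspace takes {seconds_to_exhaust(token, 1000) / 60:.1f} min")
    store = ResetTokenStore()
    fresh = store.issue(email)
    print("wrong guess:", store.redeem(email, "00000"), "correct:", store.redeem(email, fresh))
```

The keyspace figure is the point: a five-hex-digit token is about a million values, which is exactly the scale of request the maintainer's comment below treats as plausible, whereas `secrets.token_urlsafe(32)` gives 2^256 values and the lockout makes even that moot. Note that expiry alone (the timestamp the maintainer adds) shrinks the attacker's window but does not change the number of guesses needed; lockout or rate limiting per account closes the online attack.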

Occurrences

We have contacted a member of the kestasjk/webdiplomacy team and are waiting to hear back 4 months ago
Kestas "Chris" Kuliukas validated this vulnerability 4 months ago
amammad has been awarded the disclosure bounty
The fix bounty is now up for grabs
Kestas (Maintainer), 4 months ago:

This is the one I meant to mark as valid. It's just plausible that someone might make a million requests to try and get into someone's account, so sure, I'll add a timestamp.

Kestas "Chris" Kuliukas confirmed that a fix has been merged on 6911bb 4 months ago
Kestas "Chris" Kuliukas has been awarded the fix bounty