Email Verification Bypass Leads To Account Takeover in bookwyrm-social/bookwyrm
Valid
Reported on Jul 12th 2022
- Hello maintainer, I noticed that there is no rate-limit protection on the https://book.dansmonorage.blue/confirm-email endpoint, so we can perform a brute-force attack.
Steps to reproduce:
- Create an account with the victim's email id
- When the account is created, it asks for email confirmation by validating an OTP on https://book.dansmonorage.blue/confirm-email
- Enter any random OTP and try to perform a brute-force attack
Patch recommendation:
- Add rate-limit protection on the POST confirmation email endpoints/parameters
Impact
- Pre-Account Takeover
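The mitigation the report asks for, shown as an added Python example rather than bookwyrm's own code: a framework-independent confirmation-code check that keeps a per-account failure budget, so a pending registration stops accepting guesses after a few wrong codes and only reopens once the window has passed. The limits, the injectable clock and the sample address are assumptions for the example.

```python
import hmac
import time
from collections import defaultdict, deque

# Constructed limits for this example: 5 failed attempts per account per 15 minutes.
MAX_FAILED_ATTEMPTS = 5
WINDOW_SECONDS = 15 * 60


class ConfirmationVerifier:
    """Checks email-confirmation codes with a per-account failure budget.

    Pending codes are keyed by user (the email address here); failures are
    tracked per account, so guesses against one victim's pending registration
    are refused after MAX_FAILED_ATTEMPTS within WINDOW_SECONDS.
    """

    def __init__(self, now=time.monotonic):
        self._now = now                         # clock is injectable for testing
        self._pending = {}                      # user -> confirmation code
        self._failures = defaultdict(deque)     # user -> timestamps of failed tries

    def issue(self, user, code):
        self._pending[user] = code

    def _recent_failures(self, user):
        cutoff = self._now() - WINDOW_SECONDS
        fails = self._failures[user]
        while fails and fails[0] < cutoff:      # drop failures outside the window
            fails.popleft()
        return fails

    def is_locked(self, user):
        return len(self._recent_failures(user)) >= MAX_FAILED_ATTEMPTS

    def confirm(self, user, submitted):
        """Return (ok, reason); a locked account is refused even with the right code."""
        if self.is_locked(user):
            return False, "rate_limited"
        expected = self._pending.get(user)
        # Constant-time comparison; an account with no pending code never matches.
        if expected is not None and hmac.compare_digest(expected.encode(), submitted.encode()):
            self._failures.pop(user, None)
            del self._pending[user]
            return True, "confirmed"
        self._failures[user].append(self._now())
        return False, "invalid_code"
```

In a real deployment the failure counters belong in shared storage (cache or database) rather than process memory, and a second budget keyed on the source address catches guessing spread across many accounts.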
We are processing your report and will contact the bookwyrm-social/bookwyrm team within 24 hours.
a month ago
We have contacted a member of the bookwyrm-social/bookwyrm team and are waiting to hear back.
a month ago
We have sent a follow up to the bookwyrm-social/bookwyrm team. We will try again in 7 days.
a month ago
We have sent a second follow up to the bookwyrm-social/bookwyrm team. We will try again in 10 days.
20 days ago
The researcher's credibility has increased: +7
The fix bounty has been dropped
@maintainer are you happy to assign a CVE? Please confirm; only then can the admin move further.
@Mouse Revee @maintainer please confirm, are you happy to assign a CVE?😇
@admin the maintainer has requested a CVE via GitHub; here is the link, check that:
https://github.com/bookwyrm-social/bookwyrm/security/advisories/GHSA-jvp3-mqv8-5rjw
So can we assign a CVE here?
I've dropped a message on the other report asking the maintainer :)