strong Password Policy Bypass through removing a specific Parameter and setting the Passwort to 1 in modoboa/modoboa

Valid

Reported on

Mar 17th 2023


Hello,

i was able to detect another password security issue.

While changing the password the attacker can use the proxy and submit for example password as 1.

Altough there is a passwort policy restriction but i managed to bypass that.

Let me show you :)

The Password is now 2 lets change it to HACK

As you can see we have a password policy at least 8 characters with one digit.

Lets change the password to 1 by deleting the first newpassword and leaving the confirmation.

After that we will login with the passwort 1 to the app.

lets see :)

changed the passwort from 2 to 1 lets see the reply and output


profile and passwort accepted.

lets login with the username: user@demo.local adn PASS: 1

As you can see the password is 1 lets login.

as you can see we have logged in successfully.

Will show it you again.

Bypass for the strong password policy.

Thank you for watching :)

Impact

Hello,

i was able to detect another password security issue.

While changing the password the attacker can use the proxy and submit for example password as 1.

Altough there is a passwort policy restriction but i managed to bypass that.

Let me show you :)

The Password is now 2 lets change it to HACK

As you can see we have a password policy at least 8 characters with one digit.

Lets change the password to 1 by deleting the first newpassword and leaving the confirmation.

After that we will login with the passwort 1 to the app.

lets see :)

changed the passwort from 2 to 1 lets see the reply and output


profile and passwort accepted.

lets login with the username: user@demo.local adn PASS: 1

As you can see the password is 1 lets login.

as you can see we have logged in successfully.

Will show it you again.

Bypass for the strong password policy.

Thank you for watching :)

We are processing your report and will contact the modoboa team within 24 hours. a year ago
A GitHub Issue asking the maintainers to create a SECURITY.md exists a year ago
We have contacted a member of the modoboa team and are waiting to hear back a year ago
modoboa/modoboa maintainer validated this vulnerability 10 months ago
ahmedvienna has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
modoboa/modoboa maintainer
10 months ago

Maintainer


PR containing a fix: https://github.com/modoboa/modoboa/pull/2949

Ahmed Hassan
10 months ago

Researcher


Hello. Can you please assign it a CVE ?

Antoine Nguyen
10 months ago

Maintainer


Can you validate it's working on your side first please?

Ahmed Hassan
10 months ago

Researcher


yes its working fine :)

Ahmed Hassan
10 months ago

Researcher


Can you assign it a CVE ? :) Would me more than happy for that.

Best regards Ahmed Hassan

Ahmed Hassan
10 months ago

Researcher


Good morning :),

Any updates regarding the Assigning of the CVE ?

Best regards Ahmed Hassan

Antoine Nguyen marked this as fixed in 2.1.0 with commit 130257 10 months ago
Antoine Nguyen has been awarded the fix bounty
This vulnerability has now been published 10 months ago
to join this conversation