Strong Password Policy Bypass through removing a specific Parameter and setting the Password to 1 in modoboa/modoboa

Valid

Reported on

Mar 17th 2023


Hello,

I was able to detect another password security issue.

While changing the password, the attacker can use the proxy and submit, for example, the password as 1.

Although there is a password policy restriction, I managed to bypass that.

Let me show you :)

The password is now 2; let's change it to HACK.

As you can see, we have a password policy: at least 8 characters with one digit.

Let's change the password to 1 by deleting the first newpassword and leaving the confirmation.

After that we will log in with the password 1 to the app.

Let's see :)

Changed the password from 2 to 1; let's see the reply and output.


Profile and password accepted.

Let's log in with the username: user@demo.local and PASS: 1

As you can see, the password is 1; let's log in.

As you can see, we have logged in successfully.

Will show it to you again.

Bypass for the strong password policy.

Thank you for watching :)
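
How a dropped request field can skip a password policy, and a server-side check that closes the gap, as an added Python example that is not modoboa's code or its fix. The handler functions and the flawed logic are hypothetical; only the field names `newpassword` and `confirmation` and the policy (at least 8 characters with one digit) come from the report.

```python
import re

MIN_LENGTH = 8  # policy quoted in the report: at least 8 characters with one digit


def policy_errors(password):
    """Return the list of policy violations for a candidate password."""
    errors = []
    if len(password) < MIN_LENGTH:
        errors.append("too short")
    if not re.search(r"\d", password):
        errors.append("no digit")
    return errors


def change_password_weak(form, account):
    """Hypothetical flawed handler: the policy runs only when 'newpassword' is sent."""
    new = form.get("newpassword")
    confirm = form.get("confirmation")
    if new is not None:
        if policy_errors(new) or new != confirm:
            return False
    # Flaw: with 'newpassword' removed, 'confirmation' is stored unchecked.
    if confirm:
        account["password"] = confirm  # plaintext only to keep the example short
    return True


def change_password_strict(form, account):
    """Hardened handler: both fields required, policy applied to the stored value."""
    new = form.get("newpassword")
    confirm = form.get("confirmation")
    if not new or not confirm:
        return False  # a missing field is an error, never a skipped check
    if new != confirm or policy_errors(new):
        return False
    account["password"] = new
    return True


def replay(handler):
    """Replay the tampered request (constructed sample data) against a handler."""
    account = {"password": "2"}
    tampered = {"confirmation": "1"}  # 'newpassword' deleted in the proxy
    accepted = handler(tampered, account)
    return accepted, account["password"]
```

`replay(change_password_weak)` accepts the request and stores `1`, while `replay(change_password_strict)` rejects it and leaves the old password in place.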

We are processing your report and will contact the modoboa team within 24 hours. 2 months ago
We have contacted a member of the modoboa team and are waiting to hear back 2 months ago
modoboa/modoboa maintainer validated this vulnerability a month ago
ahmedvienna has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
modoboa/modoboa maintainer
a month ago

Maintainer


PR containing a fix: https://github.com/modoboa/modoboa/pull/2949

ahmedvienna
a month ago

Researcher


Hello. Can you please assign it a CVE?

Antoine Nguyen
24 days ago

Maintainer


Can you validate it's working on your side first please?

ahmedvienna
24 days ago

Researcher


Yes, it's working fine :)

ahmedvienna
24 days ago

Researcher


Can you assign it a CVE? :) Would be more than happy for that.

Best regards Ahmed Hassan

ahmedvienna
23 days ago

Researcher


Good morning :),

Any updates regarding the assigning of the CVE?

Best regards Ahmed Hassan

Antoine Nguyen marked this as fixed in 2.1.0 with commit 130257 23 days ago
Antoine Nguyen has been awarded the fix bounty
This vulnerability has been assigned a CVE
Antoine Nguyen published this vulnerability 23 days ago