strong Password Policy Bypass through removing a specific Parameter and setting the Passwort to 1 in modoboa/modoboa

Valid

Reported on

Mar 17th 2023

Hello,

i was able to detect another password security issue.

While changing the password the attacker can use the proxy and submit for example password as 1.

Altough there is a passwort policy restriction but i managed to bypass that.

Let me show you :)

The Password is now 2 lets change it to HACK

As you can see we have a password policy at least 8 characters with one digit.

Lets change the password to 1 by deleting the first newpassword and leaving the confirmation.

After that we will login with the passwort 1 to the app.

lets see :)

changed the passwort from 2 to 1 lets see the reply and output

profile and passwort accepted.

lets login with the username: user@demo.local adn PASS: 1

As you can see the password is 1 lets login.

as you can see we have logged in successfully.

Will show it you again.

Bypass for the strong password policy.

Thank you for watching :)

Impact

Hello,

i was able to detect another password security issue.

While changing the password the attacker can use the proxy and submit for example password as 1.

Altough there is a passwort policy restriction but i managed to bypass that.

Let me show you :)

The Password is now 2 lets change it to HACK

As you can see we have a password policy at least 8 characters with one digit.

Lets change the password to 1 by deleting the first newpassword and leaving the confirmation.

After that we will login with the passwort 1 to the app.

lets see :)

changed the passwort from 2 to 1 lets see the reply and output

profile and passwort accepted.

lets login with the username: user@demo.local adn PASS: 1

As you can see the password is 1 lets login.

as you can see we have logged in successfully.

Will show it you again.

Bypass for the strong password policy.

Thank you for watching :)

We are processing your report and will contact the modoboa team within 24 hours. 2 months ago
We have contacted a member of the modoboa team and are waiting to hear back 2 months ago
modoboa/modoboa maintainer validated this vulnerability a month ago
ahmedvienna has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
modoboa/modoboa maintainer
a month ago

Maintainer

PR containing a fix: https://github.com/modoboa/modoboa/pull/2949

ahmedvienna
a month ago

Researcher

Hello. Can you please assign it a CVE ?

Antoine Nguyen
a month ago

Maintainer

Can you validate it's working on your side first please?

ahmedvienna
a month ago

Researcher

yes its working fine :)

ahmedvienna
a month ago

Researcher

Can you assign it a CVE ? :) Would me more than happy for that.

Best regards Ahmed Hassan

ahmedvienna
a month ago

Researcher

Good morning :),

Any updates regarding the Assigning of the CVE ?

Best regards Ahmed Hassan

Antoine Nguyen marked this as fixed in 2.1.0 with commit 130257 a month ago
Antoine Nguyen has been awarded the fix bounty
This vulnerability has been assigned a CVE
Antoine Nguyen published this vulnerability a month ago
to join this conversation