Password Reset token returned in Response to Account takeover. in ever-co/ever-gauzy

Valid

Reported on

Jul 26th 2022


Description

Password Reset token returned in Response. Then you can set an arbitrary password with the following URL:

/#/auth/reset-password?token=[token]

Proof of Concept

Impact

Password Reset token returned in Response. Account takeover.
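
The flaw class described in this report, as an added example that is not part of the original report and is not ever-gauzy's code: a reset handler that echoes the token beside one that only mails it, plus a regression check that scans a reply for the secret. All type and function names are hypothetical; only the URL format comes from the report, and the token is passed in by the caller (a real service would draw it from a CSPRNG).

```typescript
// Added example with hypothetical names; not taken from ever-gauzy's auth.service.ts.
type Mail = { to: string; link: string };
type Reply = { status: number; headers: Record<string, string>; body: unknown };

const RESET_PATH = "/#/auth/reset-password?token="; // URL format quoted in the report

// Vulnerable shape: the token that should travel only by e-mail is echoed to the caller,
// so whoever submits a victim's address can read the token and reset the password.
function requestResetVulnerable(email: string, token: string, outbox: Mail[]): Reply {
  outbox.push({ to: email, link: RESET_PATH + encodeURIComponent(token) });
  return { status: 200, headers: {}, body: { email, token } };
}

// Hardened shape: the token reaches the mailbox only; the reply is a fixed acknowledgement.
function requestResetHardened(email: string, token: string, outbox: Mail[]): Reply {
  outbox.push({ to: email, link: RESET_PATH + encodeURIComponent(token) });
  return { status: 200, headers: {}, body: { status: "ok" } };
}

// Regression check: list every location in a reply where the out-of-band secret appears,
// raw or URL-encoded, in a header value or at any depth of the JSON body.
function findSecretLeaks(reply: Reply, secret: string): string[] {
  const needles = [secret, encodeURIComponent(secret)];
  const hits: string[] = [];
  const visit = (value: unknown, path: string): void => {
    if (typeof value === "string") {
      if (needles.some((n) => value.indexOf(n) !== -1)) hits.push(path);
    } else if (Array.isArray(value)) {
      value.forEach((v, i) => visit(v, path + "[" + i + "]"));
    } else if (value !== null && typeof value === "object") {
      const obj = value as Record<string, unknown>;
      Object.keys(obj).forEach((k) => visit(obj[k], path + "." + k));
    }
  };
  visit(reply.headers, "headers");
  visit(reply.body, "body");
  return hits;
}
```

Running `findSecretLeaks` against the reset endpoint's reply in an integration test, with the token read from the test mailbox, fails the build if the token ever reappears in the response.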

We are processing your report and will contact the ever-co/ever-gauzy team within 24 hours. 2 months ago
May25Available modified the report
2 months ago
We have contacted a member of the ever-co/ever-gauzy team and are waiting to hear back 2 months ago
May25Available modified the report
2 months ago
We have sent a follow up to the ever-co/ever-gauzy team. We will try again in 7 days. 2 months ago
We have sent a second follow up to the ever-co/ever-gauzy team. We will try again in 10 days. 2 months ago
We have sent a third and final follow up to the ever-co/ever-gauzy team. This report is now considered stale. 2 months ago
May25Available
18 days ago

Researcher


@admin, I see a patch for the vulnerability has been released. https://github.com/ever-co/ever-gauzy/commit/52521eaf08318bc70ffb91e4782ed103dca64f72

Can you help me?

May25Available
18 days ago

Researcher


@admin

Jamie Slome
17 days ago

Admin


I'd recommend just dropping a message at the bottom of the commit :)

Ruslan Konviser validated this vulnerability 17 days ago
May25Available has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
Ruslan Konviser confirmed that a fix has been merged on 52521e 17 days ago
The fix bounty has been dropped
auth.service.ts#L138-L174 has been validated
Ruslan Konviser gave praise 17 days ago
Thank you!!!
The researcher's credibility has slightly increased as a result of the maintainer's thanks: +1