Weak policy at Change password function in kromitgmbh/titra

Valid

Reported on

Jun 13th 2022


Description

We can register an normal account with >= 8 characters password. But we ccan change password with just 1 character when we use change password function

Proof of Concept

https://drive.google.com/file/d/1D-IDqrMiaBGLnZaZY9L3u-S4u-MoGxPc/view?usp=sharing

Impact

When users change password to a too simple password, attacker can easily guess user password and access account.

We are processing your report and will contact the kromitgmbh/titra team within 24 hours. 16 days ago
We have contacted a member of the kromitgmbh/titra team and are waiting to hear back 15 days ago
kromitgmbh/titra maintainer validated this vulnerability 15 days ago
Tran Duc Anh has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
Tran Duc Anh
15 days ago

Researcher


@admin can we assign a CVE to this vulnerability?

Jamie Slome
15 days ago

Admin


If the maintainer is happy to proceed with a CVE, we will assign and publish one on their behalf.

@maintainer?

kromitgmbh/titra maintainer confirmed that a fix has been merged on 7f0907 13 days ago
The fix bounty has been dropped
kromitgmbh/titra maintainer
13 days ago

Maintainer


I am okay with a CVE but the vulnerability has just been fixed in the latest version of titra (0.78.1).

Jamie Slome
13 days ago

Admin


Sorted 👍

@maintainer - it is good and standard practice to publish CVEs, especially after they have been fixed :)

to join this conversation