Hi All,
We received this email this morning. I'm always a bit cautious about these bounty-type emails; is it anything to worry about, or is he talking a load of rubbish?
-----------------------------------------------------------------------------------------
Subject: Bug Bounty Report: Password reset poisoning
Date: 07/30/2024 12:10:14
Title: Password Reset Poisoning Vulnerability leads to account takeover
Date: July 29, 2024
Reported By: Aditya
Vulnerability Type: Password Reset Poisoning
Severity: Critical
Summary:
A vulnerability in the password reset functionality allows an attacker to perform a password reset poisoning attack. This exploit can manipulate the password reset link to direct the victim to a malicious website, potentially leading to account compromise.
Affected Functionality:
Password Reset Process
Impact:
Unauthorized account access
Compromise of sensitive user information
Steps to Reproduce
Step 1: Navigate to the password reset page.
Step 2: Enter the email address of the target account.
Step 3: Intercept the password reset link.
Step 4: Use a web proxy tool (e.g., Burp Suite) to intercept the HTTP request containing the password reset link.
Step 5: Modify the reset link.
Step 6: Modify the URL parameter in the intercepted link to point to an attacker-controlled domain.
Original Link: https://www.xxx.co.uk/login?view=reset& ... e70e77d24d
Poisoned Link: https://www.yyy.com/login?view=reset&la ... f1013d7280
Proof of Concept (PoC): PoC is attached for demonstrating the issue.
Mitigation
Validate and sanitize URL parameters.
Restrict malicious URLs.
Conclusion
The identified password reset poisoning vulnerability poses a significant risk, as it allows attackers to take over user accounts. Immediate remediation is required to prevent potential exploitation and ensure the security of user accounts.
Thank you for your attention to this critical security issue.
Regards
Aditya
Statistics: Posted by seghexter — Tue Jul 30, 2024 10:20 am
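Added example, not code from the forum poster or the reporter: what a server-side fix for password reset poisoning actually looks like, since the report's "validate URL parameters" advice misses the root cause. The reset link must be built from a configured canonical base URL, never from the request's Host or X-Forwarded-Host header; the hostnames, header dicts and function names below are constructed for illustration.

```python
from urllib.parse import urlencode, urlsplit

# Assumption: the site's public base URL and accepted hostnames come from
# configuration (constructed values), never from the incoming request.
CANONICAL_BASE = "https://www.example.co.uk"
ALLOWED_HOSTS = {"www.example.co.uk", "example.co.uk"}


def build_reset_link_unsafe(request_headers: dict, token: str) -> str:
    """Vulnerable pattern: the link's host is copied from the request, so
    whoever submits the reset form decides where the token is mailed."""
    host = request_headers.get("X-Forwarded-Host") or request_headers["Host"]
    return f"https://{host}/login?view=reset&token={token}"


def build_reset_link(token: str) -> str:
    """Hardened pattern: the link is assembled from configuration only;
    nothing in the request can change the domain the token points to."""
    return f"{CANONICAL_BASE}/login?" + urlencode({"view": "reset", "token": token})


def host_header_is_trusted(request_headers: dict) -> bool:
    """Defence in depth: reject (400 + log) any request whose Host or
    proxy-supplied X-Forwarded-Host is not one of our own hostnames."""
    for name in ("Host", "X-Forwarded-Host"):
        value = request_headers.get(name)
        if value is None:
            continue
        hostname = value.split(":", 1)[0].strip().lower()  # drop :port
        if hostname not in ALLOWED_HOSTS:
            return False
    return "Host" in request_headers


def link_points_to_us(link: str) -> bool:
    """Last check before a link is put into an email: https and our host."""
    parts = urlsplit(link)
    return parts.scheme == "https" and (parts.hostname or "") in ALLOWED_HOSTS


# Constructed sample requests: one normal, one whose Host header names the
# attacker-controlled domain from the report.
NORMAL = {"Host": "www.example.co.uk"}
TAMPERED = {"Host": "www.yyy.com"}

if __name__ == "__main__":
    print("unsafe :", build_reset_link_unsafe(TAMPERED, "abc123"))
    print("safe   :", build_reset_link("abc123"))
    print("trusted:", host_header_is_trusted(NORMAL), host_header_is_trusted(TAMPERED))
```

If your application already builds links from a configured site URL and the reporter's "poisoned link" is only the email body edited by hand in a proxy, the server was never involved and there is nothing to fix.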