Bookwyrm 0.4.3 Authentication Bypass


News.nextcloud.asia

Bookwyrm versions 0.4.3 and below suffer from an authentication bypass vulnerability because the OTP check during email confirmation is not rate limited.

SHA-256 | 01182b49f5094c1c536e28a7cca127e1933e717f4d3a739892d462bc0afce375

# Exploit Title: Bookwyrm v0.4.3 - Authentication Bypass
# Date: 2022-08-04
# Exploit Author: Akshay Ravi
# Vendor Homepage: https://github.com/bookwyrm-social/bookwyrm
# Software Link: https://github.com/bookwyrm-social/bookwyrm/releases/tag/v0.4.3
# Version: <= 0.4.3
# Tested on: MacOS Monterey
# CVE: CVE-2022-2651
# Original Report Link: https://huntr.dev/bounties/428eee94-f1a0-45d0-9e25-318641115550/

Description: Email verification bypass leads to account takeover in bookwyrm-social/bookwyrm v0.4.3 due to a lack of rate-limit protection on the OTP check

# Steps to reproduce:

1. Create an account using the victim's email address.
2. When the account is created, Bookwyrm asks for email confirmation by validating an OTP.
Endpoint: https://site/confirm-email
3. Submit arbitrary OTP values in a brute-force loop. Nothing rate-limits the endpoint, so the attacker can walk the whole code space; once a guess matches the confirmation code, the account is taken over.
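The following is an added example, not Bookwyrm's code and not part of the original advisory. It simulates the confirmation endpoint in memory so the effect of the missing rate limit can be measured offline: a verifier that accepts unlimited guesses is enumerated to completion, while a verifier that invalidates the pending confirmation after a small number of failures stops the brute force cold, even when the correct code is later supplied. The code length (6 digits), the lockout threshold (5 attempts) and the email address are assumptions chosen for illustration; the real Bookwyrm confirmation code format is not described on this page.

```python
"""Brute-forcing an email-confirmation OTP: unlimited vs rate-limited verifier.

Added example, not Bookwyrm's code. Assumptions (not from the advisory):
a 6-digit numeric code and a lockout after 5 wrong guesses. The server is
simulated in memory; only point a loop like this at a real /confirm-email
endpoint on a system you are authorised to test.
"""

import hmac
import itertools
from dataclasses import dataclass

CODE_LENGTH = 6    # assumption: 6 digits -> 10**6 candidate codes
MAX_ATTEMPTS = 5   # assumption: lockout threshold for the hardened verifier


@dataclass
class PendingAccount:
    email: str
    code: str              # constructed secret the attacker wants to guess
    confirmed: bool = False
    failed_attempts: int = 0


class UnlimitedVerifier:
    """Vulnerable behaviour: any number of guesses for the same account."""

    def __init__(self, accounts):
        self.accounts = {a.email: a for a in accounts}

    def confirm(self, email, guess):
        acct = self.accounts.get(email)
        if acct is None or acct.confirmed:
            return "invalid"
        # Constant-time compare so timing does not leak the code either.
        if hmac.compare_digest(acct.code.encode(), guess.encode()):
            acct.confirmed = True
            return "confirmed"
        acct.failed_attempts += 1
        return "wrong"


class RateLimitedVerifier(UnlimitedVerifier):
    """Hardened behaviour: after MAX_ATTEMPTS failures the pending
    confirmation is dead and a fresh code must be requested."""

    def confirm(self, email, guess):
        acct = self.accounts.get(email)
        if acct is not None and acct.failed_attempts >= MAX_ATTEMPTS:
            return "locked"
        return super().confirm(email, guess)


def brute_force(verifier, email):
    """Try every code in lexicographic order.

    Returns the number of requests needed to confirm the account, or None
    if the verifier locked the account before the code was found (or the
    code space was exhausted)."""
    for n, digits in enumerate(
        itertools.product("0123456789", repeat=CODE_LENGTH), start=1
    ):
        status = verifier.confirm(email, "".join(digits))
        if status == "confirmed":
            return n
        if status == "locked":
            return None
    return None


def demo(victim="victim@example.com", code="004217"):
    """Run the same attack against both verifiers and return the results."""
    vulnerable = UnlimitedVerifier([PendingAccount(victim, code)])
    hardened = RateLimitedVerifier([PendingAccount(victim, code)])
    return {
        "unlimited_requests": brute_force(vulnerable, victim),
        "rate_limited_requests": brute_force(hardened, victim),
        # Even the right code is refused once the account is locked.
        "correct_code_after_lock": hardened.confirm(victim, code),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

With the constructed code `004217` the vulnerable verifier confirms the account on request 4218; the hardened one returns `locked` on the sixth request and keeps rejecting even the correct code afterwards. In a real deployment the same property should hold whether the limit is enforced per account, per source IP or both, and a locked confirmation should be replaced by issuing a new code rather than by resetting the counter.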
