Bookwyrm 0.4.3 Authentication Bypass

2022.09.20
Credit: Akshay Ravi
Risk: Medium
Local: No
Remote: Yes
CWE: CWE-305

# Exploit Title: Bookwyrm v0.4.3 - Authentication Bypass
# Date: 2022-08-4
# Exploit Author: Akshay Ravi
# Vendor Homepage: https://github.com/bookwyrm-social/bookwyrm
# Software Link: https://github.com/bookwyrm-social/bookwyrm/releases/tag/v0.4.3
# Version: <= 4.0.3
# Tested on: MacOS Monterey
# CVE: CVE-2022-2651
# Original Report Link: https://huntr.dev/bounties/428eee94-f1a0-45d0-9e25-318641115550/

Description: Email Verification Bypass Leads To Account Takeover in bookwyrm-social/bookwyrm v0.4.3 Due To Lack Of Ratelimit Protection

# Steps to reproduce:
1. Create an account with the victim's email id.
2. When the account is created, it asks for email confirmation by validating an OTP. Endpoint: https://site/confirm-email
3. Enter any random OTP and try to perform a bruteforce attack; if the OTP matches, we can take over that account.
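The weakness above is an email-confirmation code that can be guessed indefinitely (CWE-305). The following is an added example, not Bookwyrm's own code, of a confirmation check with a bounded attempt budget, an expiry and a constant-time comparison; the limits, names and storage shape are assumptions, and the check is framework-agnostic rather than tied to the /confirm-email view.

```python
import hmac
import secrets
import string
from dataclasses import dataclass

MAX_ATTEMPTS = 5            # assumed policy: 5 wrong guesses kill the code
CODE_TTL_SECONDS = 15 * 60  # assumed policy: codes expire after 15 minutes
ALPHABET = string.ascii_lowercase + string.digits


@dataclass
class PendingConfirmation:
    """Server-side state for one unconfirmed account (assumed shape)."""
    code: str
    issued_at: float
    failures: int = 0
    confirmed: bool = False


def issue_code(now: float, length: int = 8) -> PendingConfirmation:
    # A CSPRNG-generated code; a predictable code defeats any attempt limit.
    code = "".join(secrets.choice(ALPHABET) for _ in range(length))
    return PendingConfirmation(code=code, issued_at=now)


def confirm(pending: PendingConfirmation, submitted: str, now: float) -> str:
    """Return 'ok', 'wrong', 'locked' or 'expired'.

    The attempt budget is checked before the comparison, so once it is
    spent even the correct code is rejected and a new one must be issued.
    """
    if pending.confirmed:
        return "ok"
    if now - pending.issued_at > CODE_TTL_SECONDS:
        return "expired"
    if pending.failures >= MAX_ATTEMPTS:
        return "locked"
    # Constant-time compare so response timing does not leak matching prefixes.
    if hmac.compare_digest(pending.code.encode(), submitted.encode()):
        pending.confirmed = True
        return "ok"
    pending.failures += 1
    return "wrong"


if __name__ == "__main__":
    p = PendingConfirmation(code="abcd1234", issued_at=0.0)  # constructed sample
    for _ in range(MAX_ATTEMPTS):
        print(confirm(p, "00000000", 1.0))   # wrong, five times
    print(confirm(p, "abcd1234", 2.0))       # locked: correct code, budget spent
```

With a 36-character alphabet and 8-character codes the budget of 5 guesses bounds an attacker's success probability per issued code at 5/36^8, which is the property the missing rate limit failed to provide.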


Copyright 2022, cxsecurity.com
