ID H1:223637 Type hackerone Reporter mga_bobo Modified 2017-05-17T14:09:10
Description
Hello Team,
**Steps to Reproduce:**

* Go to the login page.
* Reset your password by clicking `Reset it`.
* Enter your email and answer the captcha.
* Go to your email and click the reset link.
* You do not need to change your password, because at that point you are already logged in.

**Scenario**

The victim forgot to log out of their email account at a cafe or internet rental shop. The attacker clicks the password reset link and, because of the improper session validation on password reset links, gains access to the victim's account.
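The following is an added illustration, not Weblate's code, of the flaw the report describes: a reset-link handler that starts a session the moment the link is opened, beside a hardened flow where the link only proves the token is valid and a session is issued after a new password is set (consuming the token and dropping the account's older sessions). The in-memory stores, the `alice` account and every function name are constructed for this example.

```python
"""Added example: model of a password-reset flow (not Weblate's implementation)."""
import hmac
import secrets
import time

# Constructed in-memory stores standing in for the database and session backend.
USERS = {"alice": {"password": "old-pw", "email": "alice@example.invalid"}}
RESET_TOKENS = {}   # token -> {"user", "expires", "used"}
SESSIONS = {}       # session id -> username
TOKEN_TTL = 3600    # seconds a reset link stays valid (assumed value)


def issue_reset_token(username, now=None):
    """User asks for a reset; a random one-time token is 'emailed' to them."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    RESET_TOKENS[token] = {"user": username, "expires": now + TOKEN_TTL, "used": False}
    return token


def _lookup_token(token, now=None):
    """Return (stored_token, record) if the token is known, unused and unexpired."""
    now = time.time() if now is None else now
    for stored, rec in RESET_TOKENS.items():
        # constant-time comparison so the lookup does not leak token bytes via timing
        if hmac.compare_digest(stored, token):
            if rec["used"] or rec["expires"] < now:
                return None
            return stored, rec
    return None


def vulnerable_confirm(token, now=None):
    """Behaviour from the report: opening the link alone creates a logged-in session."""
    found = _lookup_token(token, now)
    if not found:
        return None
    _, rec = found
    sid = secrets.token_urlsafe(16)
    SESSIONS[sid] = rec["user"]
    return sid


def fixed_confirm(token, now=None):
    """Hardened: the link only checks that the token is valid; no session is created."""
    return _lookup_token(token, now) is not None


def fixed_set_password(token, new_password, now=None):
    """Hardened: a session exists only once a new password is set; the token is single-use."""
    found = _lookup_token(token, now)
    if not found:
        return None
    _, rec = found
    USERS[rec["user"]]["password"] = new_password
    rec["used"] = True
    # Drop every existing session of this account so a session left open
    # elsewhere does not survive the password reset.
    for sid in [s for s, u in SESSIONS.items() if u == rec["user"]]:
        del SESSIONS[sid]
    sid = secrets.token_urlsafe(16)
    SESSIONS[sid] = rec["user"]
    return sid


if __name__ == "__main__":
    t = issue_reset_token("alice")
    print("vulnerable link click gives session:", vulnerable_confirm(t) in SESSIONS)
    t = issue_reset_token("alice")
    print("fixed link click gives session:", fixed_confirm(t), "->", len(SESSIONS), "session(s)")
    print("after setting new password:", fixed_set_password(t, "new-pw") in SESSIONS)
    print("token reusable:", fixed_set_password(t, "again") is not None)
```

The check that matters for the report is the difference between `vulnerable_confirm` and `fixed_confirm`: in the hardened flow, someone who merely opens the link from a stale mailbox session still has to set a new password before any session exists, and the token cannot be replayed afterwards.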
Let me know if you need more information.
Best Regards,
Title: Weblate: [hosted.weblate.org] Account Takeover
Published: 2017-04-25T03:23:39
Modified: 2017-05-17T14:09:10
Reporter: mga_bobo
Program: weblate (https://hackerone.com/weblate)
Report: https://hackerone.com/reports/223637
Bounty: 0.0, state: resolved
CVSS: 0.0 (NONE)