Legal Robot: Two accounts can be made with same password

2017-10-14T15:01:52
ID H1:277213
Type hackerone
Reporter hackinggiant
Modified 2017-10-20T08:18:00

Description

A really nice bug to look into. I found this while I was making my own account; as I was testing for some serious bug, I decided to just look into how Legal Robot behaves when two accounts are made with the same password.

Hacker Scenario: Person1 makes an account with a password called "password". Now Person2 also makes his password "password" [we can see that both users made their password the same]. Person2 acts as the attacker and tries different emails using his password with some tools; luckily he/she finds out that there is another email whose password is the same. He/she logs into it and does whatever he/she wants to do, and Person1 (the victim) won't know. Sorry, but I don't know how to name this weakness.

See the PoC video:
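The scenario above, seen from the service's side, is one password tried against many email addresses from a single source. The following is an added example, not code from the report or from Legal Robot, showing how a defender would pick that pattern out of authentication logs: it groups failed logins by source address, counts how many distinct accounts each source hit inside a sliding time window, and then lists any successful login from a flagged source. The log lines, the `FAIL`/`OK` result field and the thresholds are constructed assumptions for the example.

```python
"""Flag password-spraying behaviour (one password, many accounts) in auth logs.

Added example; the log format "timestamp source_ip email result" and the
sample lines below are constructed for illustration, not taken from the report.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: 203.0.113.7 tries five different accounts and then gets
# into a sixth; 198.51.100.9 retries a single account (a different pattern).
SAMPLE_LOG = """\
2017-10-14T15:00:01 203.0.113.7 alice@example.com FAIL
2017-10-14T15:00:02 203.0.113.7 bob@example.com FAIL
2017-10-14T15:00:03 203.0.113.7 carol@example.com FAIL
2017-10-14T15:00:04 203.0.113.7 dave@example.com FAIL
2017-10-14T15:00:05 203.0.113.7 erin@example.com FAIL
2017-10-14T15:00:06 203.0.113.7 frank@example.com OK
2017-10-14T15:00:07 198.51.100.9 alice@example.com FAIL
2017-10-14T15:00:09 198.51.100.9 alice@example.com FAIL
2017-10-14T15:00:12 198.51.100.9 alice@example.com OK
"""


def parse(log_text):
    """Turn log lines into (timestamp, ip, user, result) tuples."""
    events = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, ip, user, result = line.split()
        events.append((datetime.fromisoformat(ts), ip, user, result))
    return events


def spray_sources(events, window=timedelta(minutes=10), min_distinct_users=5):
    """Return {ip: sorted distinct users} for every source whose failed logins
    touched at least `min_distinct_users` different accounts within `window`.

    A sliding window over each source's failures keeps the check linear in the
    number of events; a source retrying one account never trips it.
    """
    failures_by_ip = defaultdict(list)
    for ts, ip, user, result in sorted(events):
        if result == "FAIL":
            failures_by_ip[ip].append((ts, user))

    flagged = {}
    for ip, attempts in failures_by_ip.items():
        start = 0
        for end in range(len(attempts)):
            # Drop attempts that fell out of the window ending at `end`.
            while attempts[end][0] - attempts[start][0] > window:
                start += 1
            users = {user for _, user in attempts[start:end + 1]}
            if len(users) >= min_distinct_users:
                flagged[ip] = sorted(users)
                break
    return flagged


def successes_from_flagged(events, flagged):
    """Successful logins from a flagged source: the accounts that were reached."""
    return sorted((ip, user) for _, ip, user, result in events
                  if result == "OK" and ip in flagged)


if __name__ == "__main__":
    evts = parse(SAMPLE_LOG)
    hits = spray_sources(evts)
    for ip, users in hits.items():
        print(f"spray from {ip}: {len(users)} accounts tried")
    for ip, user in successes_from_flagged(evts, hits):
        print(f"successful login from flagged source {ip} into {user}")
```

The distinction the code draws matters for the response: per-account lockout does nothing against a source that tries each account only once, so the control that fits this pattern is per-source rate limiting or step-up verification keyed on the requesting address, plus an alert on any success from a source that was already flagged.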