huntr / Ahmedvienna / 06AF150B-B481-4248-9A48-56DED2814156
History: Jan 24, 2023 - 10:33 p.m.

important E-Mail Input Field bypassed allowing Account Lockout and Takeover

2023-01-24 22:33:01
ahmedvienna
www.huntr.dev
8
e-mail input field
account lockout
bypass vulnerability
security mechanism

EPSS: 0.001 (Low); Percentile: 36.7%

Dear Ladies and Gentlemen,
First of all, thank you for your time and effort in reading my Report. While doing the Penetration Test my Brother Josef Hassan ([email protected]) and I were able to identify an Account Lockout Vulnerability by bypassing the Input of the E-Mail Address.
The Process of identifying the Vulnerability

  1. Login
  2. Go to https://roy.demo.phpmyfaq.de/admin/?action=user&user_id=1
  3. Anybody can change the User E-Mail and it is required to type an E-Mail
  4. If there is no E-Mail the User can maybe lock his account and never get a Password Reset E-Mail because no E-Mail Address is written in the Field
  5. We were able to bypass the Security Mechanism and do not need to type an E-Mail Address which can lead to an Account Lockout without any Possibility for Recovery

Thank you very much for your time and effort and hope hearing from you soon.

Best regards
Ahmed Hassan & Josef Hassan
