huntr report 0BBDC9D4-D9DC-4490-93EF-0A83B451A20F

No Rate Limit On Reset Password

2023-02-11 09:47:47
earth2sky
www.huntr.dev
Tags: rate limiting algorithm, user session, ip address, http servers, status code 429, proof of concept, video poc, burpsuite, security issues, password change functionality, bug bounty

EPSS: 0.001 (Low), percentile 47.3%

Description

A rate limiting algorithm is used to check whether a user session (or IP address) has to be limited, based on the information in the session cache. If a client has made too many requests within a given time frame, HTTP servers can respond with status code 429: Too Many Requests. (Wikipedia)
I just realized that on the reset password page the request has no rate limit, which can then be used to loop through one request.

Proof of Concept

VIDEO POC
https://drive.google.com/file/d/1FhvPexy9NwpFD6kMTvYlXMc7xvwfhnci/view?usp=sharing

Steps To Reproduce:

  1. Go to https://demo.froxlor.org/admin_index.php?page=change_password
  2. Change the old and new password.
  3. Intercept the request in Burp Suite and repeat the same request 100 times.
  4. Once the Intruder attack is completed, try to re-login with the new password.

Result:
There are 2 security issues observed:

  1. The application allowed the old and new password to be the same.
  2. There is no rate limit on the password change functionality.
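The following is an added example, not code from the report or from Froxlor, showing the two server-side checks the report finds missing: a per-session (or per-IP) sliding-window rate limit that answers 429 once the burst described in the PoC exceeds a threshold, and a rejection of a new password equal to the old one. The key `sess-abc`, the limits of 5 attempts per 60 seconds, the password values and the replayed burst of 100 requests are all constructed for the demonstration.

```python
import time
from collections import deque

# Assumed policy values for the example; a real deployment tunes these.
WINDOW_SECONDS = 60
MAX_ATTEMPTS = 5


class SlidingWindowLimiter:
    """Sliding-window counter keyed by session id or client IP.

    Each key keeps the timestamps of its recent requests; anything older
    than the window is discarded before the count is compared to the limit.
    """

    def __init__(self, max_attempts=MAX_ATTEMPTS, window=WINDOW_SECONDS):
        self.max_attempts = max_attempts
        self.window = window
        self._hits = {}  # key -> deque of monotonic timestamps

    def allow(self, key, now=None):
        """Record one request for `key`; return False if it exceeds the limit."""
        now = time.monotonic() if now is None else now
        q = self._hits.setdefault(key, deque())
        cutoff = now - self.window
        while q and q[0] <= cutoff:      # drop requests outside the window
            q.popleft()
        if len(q) >= self.max_attempts:
            return False                 # caller should answer 429
        q.append(now)
        return True


def change_password(limiter, key, old_password, new_password, current_password, now=None):
    """Handle a password-change request; returns (http_status, message).

    The rate limit is checked first so that every attempt, valid or not,
    counts against the client; the limiter is keyed on the session or IP,
    not on the request body, so resending the same request does not help.
    """
    if not limiter.allow(key, now):
        return 429, "Too Many Requests"
    if old_password != current_password:
        return 403, "old password incorrect"
    if new_password == old_password:
        return 400, "new password must differ from old password"
    return 200, "password changed"


def simulate_burst(n=100):
    """Replay n identical requests from one session, as Burp Repeater/Intruder would.

    Uses a constructed clock (10 ms apart) so the run is deterministic and offline.
    Returns the list of status codes: the first MAX_ATTEMPTS are 400 because the
    old and new password match, everything after that is 429.
    """
    limiter = SlidingWindowLimiter()
    statuses = []
    for i in range(n):
        status, _ = change_password(
            limiter, "sess-abc",
            old_password="Old!Pass1", new_password="Old!Pass1",
            current_password="Old!Pass1", now=float(i) * 0.01,
        )
        statuses.append(status)
    return statuses


if __name__ == "__main__":
    codes = simulate_burst()
    print("allowed through:", codes.count(400), "rate limited:", codes.count(429))
```

Whether the limit should key on the session, the client IP, or both depends on the deployment (an attacker with many IPs defeats a pure IP key; a pure session key is defeated by creating new sessions), so production code usually combines them with an account-level counter as well.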
