Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Fastly Secret Disclosure

🗓️ 13 Mar 2023 00:00:00Reported by Andrey StoykovType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 219 Views

Fastly website vulnerabilities, weak password practices, and plaintext password disclosur

Code
`Correspondence from Fastly declined to comment regarding new discovered  
vulnerabilities within their website.  
  
Poor practices regarding password changes.  
  
  
1. Reset user password  
2. Access link sent  
3. Temporary password sent plaintext  
  
  
// HTTP POST request  
  
POST /user/mwebsec%40gmail.com/password/request_reset HTTP/2  
Host: api.fastly.com  
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:108.0)  
Gecko/20100101 Firefox/108.0  
[...]  
  
[...]  
{"g-recaptcha-response":"03AFY_a8UY[...]"}  
[...]  
  
  
// HTTP response  
  
HTTP/2 200 OK  
Cache-Control: no-store  
[...]  
  
  
// HTTP GET request  
  
GET  
/auth/user/3lWtx49FrV2.../password/reset/f496875e6e1d88d80aa5.../1677948661/2f2ea8d230adaf03bd749081d...  
HTTP/2  
Host: manage.fastly.com  
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:108.0)  
Gecko/20100101 Firefox/108.0  
[...]  
  
  
// HTTP response  
  
HTTP/2 200 OK  
Cache-Control: public, max-age=60, stale-if-error=1209600,  
stale-while-revalidate=600  
[...]  
  
  
  
Weak Pwd requirements  
  
1. Login to user account  
2. Click Account -> Personal Profile  
3. Select Change Password -> Current Password -> FastLy%2540!1M  
4. Select New Password -> P.P.P.P.P.P.P -> Confirm Password -> P.P.P.P.P.P.P  
5. Select Sign Out Option  
6. Login with new password  
  
  
// HTTP POST request  
  
POST /oauth/password HTTP/2  
Host: api.fastly.com  
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:108.0)  
Gecko/20100101 Firefox/108.0  
[...]  
  
[...]  
client_id=fastly-ui&grant_type=password&new_password=P.P.P.P.P.P.P&old_password=FastLy%2540!1M&username=mwebsec%  
40gmail.com  
[...]  
  
  
// HTTP response  
  
HTTP/2 401 Unauthorized  
Status: 401 Unauthorized  
Cache-Control: no-store  
Content-Type: application/json  
[...]  
  
[...]  
{"msg":"Token 3kzBPKXbsbtZBl9..."}  
[...]  
  
  
// HTTP POST request  
  
POST /oauth/access_token HTTP/2  
Host: api.fastly.com  
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:108.0)  
Gecko/20100101 Firefox/108.0  
[...]  
  
[...]  
client_id=fastly-ui&grant_type=password&password=P.P.P.P.P.P.P&username=mwebsec%  
40gmail.com  
[...]  
  
  
// HTTP response  
  
HTTP/2 200 OK  
Status: 200 OK  
[...]  
  
[...]  
{"id":"7IU53vPHZ...",  
"name":"manage.fastly.com browser session",  
"user_id":"3lWtx49FrV...",  
"customer_id":"535znFHg...",  
[...]  
"token_type":"bearer",  
"scope":"global",  
"services":[],  
"access_token":"qwdBQF43O..."}  
[...]  
  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
13 Mar 2023 00:00Current
7.4High risk
Vulners AI Score7.4
fastlywebsitevulnerabilitiesweak passwordplaintext disclosurehttp posthttp getresponseunauthorizedaccess tokencustomer id
219