136 matches found
CVE-2022-1631 Users Account Pre-Takeover or Users Account Takeover. in microweber/microweber
Users Account Pre-Takeover or Users Account Takeover. in GitHub repository microweber/microweber prior to 1.2.15. Victim Account Take Over. Since, there is no email confirmation, an attacker can easily create an account in the application using the Victim’s Email. This allows an attacker to gain...
PT-2022-14015 · Google +1 · G-Suite +1
Name of the Vulnerable Software and Affected Versions: microweber/microweber versions prior to 1.2.15 Description: The issue allows an attacker to create an account in the application using a victim's email, as there is no email confirmation. This enables the attacker to gain pre-authentication t...
Acronis: Missing brute force protection on login page on www.acronis.com
A missing brute force protection vulnerability was discovered on the login page of www.acronis.com. This allowed attackers to launch brute force attacks on user accounts, potentially leading to unauthorized access...
Cross-site Request Forgery (CSRF)
ssddanbrown/bookstack is vulnerable to cross-site request forgery attacks. The library does not properly validate the user login flow after the email confirmation, allowing an attacker to duplicate the username and gain access to the account when user click the confirmation link...
Cross-Site Request Forgery (CSRF) in bookstackapp/bookstack
Description Login CSRF via /register/confirm/token endpoint. Proof of Concept 1: Register account with the same username as our victim, an email confirmation will take place 2: Retrieve token from email. 3: Send a link http://BOOKSTACKAPPURL/register/confirm/token to user. 4: When the user clicks...
Use of a Broken or Risky Cryptographic Algorithm in anonaddy/anonaddy
Description MD5 and SHA-1 are popular cryptographic hash algorithms often used to verify the integrity of messages and other data. Recent advances in cryptanalysis have discovered weaknesses in both algorithms. Consequently, MD5 and SHA-1 should no longer be relied upon to verify the authenticity...
HackerOne: Used email confirmation link reveals the email address which is tied to it
Summary: If an attacker finds an used email confirmation link the token is in URL s/he will be able to see the email address which is tied to the confirmation link ID. The attack itself is pretty unlikely but the application should show the generic error message like The confirmation ID is invali...
Acronis: Account Confirmation bypass leads to acess some fucntionality
STEPS: 1. Go to the URL https://account.acronis.com//auth/signup 2. Create a Business Account 3. Intercept the request using burp suite 4. Now intercept the response of given HTTP REQUEST below 5. Change the field "confirmed":false to true 6. Even you can bypass Accept term condition by changing...
Profile Builder & Profile Builder Pro < 3.3.3 - Authenticated Blind SQL Injection
The orderby parameter of the wp-admin/users.php?page=unconfirmedemails=email=asc page, which is available when the "Email confirmation" setting of the plugin is activated default is off, is not properly sanitised and validated before being concatenated in a SQL statement, leading to an SQL...
Shopify: Email Confirmation Bypass in your-store.myshopify.com which leads to privilege escalation
Hello Shopify, I have found a bug by which I can verify any email on .myshopify.com, the bug is very strange but it works. Also I can take over the accounts but only the ones which do not have SSO. To reproduce please follow the steps exactly as I written otherwise you will not be able to reprodu...
Gitlab -- Vulnerability
Gitlab reports: Email Confirmation not Required on Sign-up...
Shopify: Able to Takeover Merchants Accounts Even They Have Already Setup SSO, After Bypassing the Email Confirmation
Able to Takeover Merchants Accounts Even They Have Already Setup SSO, After Bypassing the Email Confirmation Summary This report is based on the scenario that email confirmation has been bypassed already, like shown in 791775. What happened in 791775 was, I was too excited and didn't take a step...
Shopify: [Part II] Email Confirmation Bypass in myshop.myshopify.com that Leads to Full Privilege Escalation
Summary In 791775, I submitted a bug at Sunday 5pm Canada time, it was triaged two hours later, and I got the temp fix message at around 3am the next day in Canada time. Truly awesome, the next day I retested after the first fix, and found that I - Cannot receive the email confirmation in the ema...
Shopify: Email Confirmation Bypass in myshop.myshopify.com that Leads to Full Privilege Escalation to Any Shop Owner by Taking Advantage of the Shopify SSO
I told Pete I would take a look at Spotify, hi Pete. Summary It's possible to take over any store account through bypassing the email confirmation step in .myshopify.com. I found a way to confirm arbitrary emails, and after confirming arbitrary email in .myshopify.com, user is able to integrate...
Magento Security Bypass Vulnerability (CNVD-2019-40829)
Magento is an open source PHP e-commerce system from the U.S. company Magento. A security bypass vulnerability exists in Magento. An attacker can exploit this vulnerability to bypass the email confirmation mechanism via a GET request capturing the relevant account data obtained from the POST...
CVE-2019-8112
A security bypass vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An unauthenticated user can bypass the email confirmation mechanism via GET request that captures relevant account data obtained from the POST response related to new user creation...
CVE-2019-8112
CVE-2019-8112 affects Magento Open Source/Commerce: unauthenticated attackers can bypass email confirmation via a GET request, leveraging data from the POST response during new user creation. Affected versions are Magento 2.2 prior to 2.2.10 and Magento 2.3 prior to 2.3.3 or 2.3.2-p1. The documen...
CVE-2019-8112
A security bypass vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An unauthenticated user can bypass the email confirmation mechanism via GET request that captures relevant account data obtained from the POST response related to new user creation...
Shopify: Add store to new partner account without confirming email address.
Details When a someone signs up for a new account on partners.shopify.com they are asked to confirm their email address before they can do anything and by anything I mean add stores, invite members, use affiliate tools and so on. Apparently they can leverage an issue on partners.shopify.com to...
foilChat Sign Up Email PIN Confirmation Bypass
foilChat sign up email PIN confirmation bypass ============================================== https://sintonen.fi/advisories/foilchat-signup-email-pin-confirmation-bypass.txt Overview -------- foilChat https://www.foilchat.com/ allows anyone to register with any email address due to a...