Security vulnerabilities

  • Status Closed
  • Assigned To No-one
  • Private
Attached to Project: Security vulnerabilities
Opened by waloodi_109 - 25.11.2024
Last edited by cbay - 26.11.2024

FS#108 - Email Enumeration

Email Enumeration:

Hello Team, I hope you are doing well. Well, researching on your domain, i found email enumeration in your domain.

Steps:

1.log in admin.alwaysdata.com account go to Profile.
2.choose change my email
3.enter your pass
4.enter any email you want to check
5.if the email isn't registered a message appears saying(the email is changed.)
6.if it is registered the message appearing is( There is already a profile with this email.)

BY automating the process you can easily enumerate users emails . what is the impact : 1.Mass password reset requests to registered users(spam) 2.imagine a new company like alwysdata want to advertise it will easily enumerate emails of alwaysdata and send the customers emails to convince them to join their company and leave circle this may cause you to loose some of your customers(targeted advertising through alwaysdata database) . there are other impact but those are most severe.

Here is the fix:
when a user try to assign an email that is already registered to your accounts tell him that (An error has occured)or(we have sent a verification email to your email address)or anything not revealing he is registered to you .
Here is the POC:
i have carried the attack on sample of 8845 emails to avoid server overload
the result is by using burpsuite i can bruteforce the change email feature and enumerate users by the status in intruder attack:
200—>Not registered and can be added
500—>registered and error message
400—> this is invalid email because for example it doesn't have @ sign in it

Thank You,
Waleed Anwar

Closed by  cbay
26.11.2024 09:00
Reason for closing:  Duplicate
Additional comments about closing:  

https://security.alwaysda ta.com/task/19

Loading...

Available keyboard shortcuts

Tasklist

Task Details

Task Editing