alwaysdata All Projects: Tasklist

	ID	Status	Summary	Opened by
	45	Closed	~~Bug Title: Missing access control at password change.~~	bugtest09	Task Description Hello Web Security Severity: Medium Domain: https://admin.alwaysdata.com Description : A security researcher discovered that after resetting a password, the user was automatically logged in. As such, compromising a legitimate password reset link (via referrer token leakage or a similar issue) could lead to compromising the account since the user would not be forced to log in after resetting their password. Proof Of Concept: 1.Go to this website:(https://admin.alwaysdata.com) 2.Send the password reset link to your email. 3.Go to your email and open the link. 4.Set a new password. 5.Boom.Automatically logged in. Fix: OWASP forgot password recommendations(https://www.owasp.org/index.php/Forgot_Password_Cheat_Sheet) suggest a better approach, which we have now implemented. Thanks. Reference : https://hackerone.com/reports/164648 https://hackerone.com/reports/255020

Closed

~~Bug Title: Missing access control at password change.~~

Task Description

Hello Web Security
Severity: Medium
Domain: https://admin.alwaysdata.com

Description :
A security researcher discovered that after resetting a password, the user was automatically logged in. As such, compromising a legitimate password reset link (via referrer token leakage or a similar issue) could lead to compromising the account since the user would not be forced to log in after resetting their password.

Proof Of Concept:
1.Go to this website:(https://admin.alwaysdata.com)
2.Send the password reset link to your email.
3.Go to your email and open the link.
4.Set a new password.
5.Boom.Automatically logged in.

Fix:
OWASP forgot password recommendations(https://www.owasp.org/index.php/Forgot_Password_Cheat_Sheet) suggest a better approach, which we have now implemented.

Thanks.

Reference :
https://hackerone.com/reports/164648 https://hackerone.com/reports/255020

Showing tasks 1 - 1 of 1 Page 1 of 1

Available keyboard shortcuts

Alt + ⇧ Shift + l Login Dialog / Logout
Alt + ⇧ Shift + a Add new task
Alt + ⇧ Shift + m My searches
Alt + ⇧ Shift + t focus taskid search

Tasklist

o open selected task
j move cursor down
k move cursor up

Task Details

n Next task
p Previous task
Alt + ⇧ Shift + e ↵ Enter Edit this task
Alt + ⇧ Shift + w watch task
Alt + ⇧ Shift + y Close Task

Task Editing

Alt + ⇧ Shift + s save task