Hello friends, this is the PoC report for a Magento issue that I reported to them!
When a user requests a password reset, a new, unique password is generated and sent to the user's email,
and the application won't allow the user to log in
until the password from that mail is used,
because the application resets the password automatically without asking for the user's confirmation.
An attacker can abuse this functionality easily: by requesting
a password reset, they can stop the user from logging in to their own account for hours,
until the user finds out that the new password is sitting in their mailbox.
So the attacker can write an easy Python script to launch password reset requests on behalf of users just from their email addresses [Magento is also vulnerable to a user enumeration bug, through which I was able to extract the existing users from Magento due to improper rate limiting].
So the attacker can cause problems for your existing customers, and if the same code is used in Magento Enterprise, it will affect that too.
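To show why the reported flow is a lockout problem and what a reset flow that does not lock the user out looks like, here is an added example (my own illustration, not Magento code): `VulnerableAccount` and `HardenedAccount` are hypothetical classes, and passwords are kept in plaintext only to keep the example short.

```python
import hashlib
import secrets
import time


class VulnerableAccount:
    """Reset overwrites the password at once and mails the new one (the reported behaviour)."""

    def __init__(self, password):
        self.password = password  # plaintext only for brevity; hash in real code

    def request_reset(self):
        # The old password stops working the moment anyone submits the email address.
        self.password = secrets.token_urlsafe(12)
        return self.password  # this value is what gets emailed to the user

    def login(self, password):
        return secrets.compare_digest(password, self.password)


class HardenedAccount:
    """Reset issues a short-lived, single-use token; the current password stays valid
    until the legitimate user confirms from the link in their mailbox."""

    TOKEN_TTL = 15 * 60  # seconds a reset link stays valid

    def __init__(self, password, clock=time.time):
        self.password = password  # plaintext only for brevity; hash in real code
        self.clock = clock  # injectable so expiry can be tested deterministically
        self.reset_token_hash = None
        self.reset_expires = 0.0

    def request_reset(self):
        token = secrets.token_urlsafe(32)
        # Store only a hash of the token so a database leak does not expose live links.
        self.reset_token_hash = hashlib.sha256(token.encode()).hexdigest()
        self.reset_expires = self.clock() + self.TOKEN_TTL
        return token  # embedded in the emailed link; nothing changes until it is used

    def confirm_reset(self, token, new_password):
        if self.reset_token_hash is None or self.clock() > self.reset_expires:
            return False  # no pending reset, or the link has expired
        presented = hashlib.sha256(token.encode()).hexdigest()
        if not secrets.compare_digest(presented, self.reset_token_hash):
            return False
        self.password = new_password
        self.reset_token_hash = None  # single use
        return True

    def login(self, password):
        return secrets.compare_digest(password, self.password)
```

A repeated reset request against `HardenedAccount` only replaces the pending token, so an attacker who knows nothing but the email address cannot change whether the real user can log in.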
That's all, guys, for this report.
Thanks for reading 🙂