Restricting the user’s to login into their account attacker’s way

Hello friends this is the POC Report belongs to  Magento which i have reported to them !

Issue:
In this when a user request for a password reset then a unique password is being sended to the user’s gmail ,
and the application won’t allow the user to login
until the password at the mail is not being given !
because application is resetting he password automatically without asking the user permissions .

impact:
Attacker can abuse this  functionality easily by requesting
a password reset and restrict the user to login his own account :v for hour’s
until user don’t know that the password is at their mail .

Video Poc:

Reply 😦

reply

Explained Further:
So the attacker will create an easy script in python to launch a password reset request on the behalf of user’s just via email  [Since magento is also vulnerable to  user enumeration bug in which i was able to extract the existing user’s into the magento  due to improper rate limiting ]

so attacker will be giving problem’s to your existing customers  and if the same code is used in enterprise magento then it will effect it too .

[+]Reported
[+]Not patched
[+]Disclosed

That’s all guys for this Report
Thanks for reading 🙂

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s