Security Fix for Business Logic Errors - huntr.dev

[huntr-helper]

https://huntr.dev/users/d3v53c has fixed the Business Logic Errors vulnerability 🔨. Think you could fix a vulnerability like this?

Get involved at https://huntr.dev/

Q | A Version Affected | ALL Bug Fix | YES Original Pull Request | https://github.com/418sec/node-login/pull/1 Vulnerability README | https://github.com/418sec/huntr/blob/master/bounties/other/node-login/2/README.md

User Comments:

📊 Metadata *

node-login is a template for quickly building login systems on top of Node.js & MongoDB. The business logic which updates account details fails to verify if the provied email is associated with another account.

Bounty URL: https://www.huntr.dev/bounties/2-other-node-login

⚙️ Description *

Whenever account details are updated, the email is validated against existing users, to avoid identical email accounts.

💻 Technical Description *

When an update request is initialized, email attribute in request body is used to run a query to determine, whether an account exists with the same email address. If there exists, and it's not the same user, then request is rejected and appropriate error message is shown in the browser.

🐛 Proof of Concept (PoC) *

Navigate to /signup and Create two accounts with data like below Account 1 - username: victim, email: [email protected] Account 2 - username: hacker, email: [email protected] Account creation functionality does not allows to create user with existing email. poc1 Login to the hacker account In the account update section, change the email field with victim email and submit the form. poc2 Now both accounts are associated with victim's email. Check MongoDB backend for confirmation poc2

🔥 Proof of Fix (PoF) *

👍 User Acceptance Testing (UAT)

After fix, functionality is unaffected.