sourcebans-pp
Vulnerability in Forgot Password implementation
The "Lost Password" page returns "The email address you supplied is not registered on the system" when an email address that is not registered is entered into the form.
This allows an attacker to enumerate valid (registered) email addresses by brute force.
This also works when "Normal Login" is disabled, by calling the 'LostPassword' ajax callback directly rather than through the form.
CWE-204: Observable Response Discrepancy
https://github.com/sbpp/sourcebans-pp/blob/a80430e3b9c2b4662a59d7d532bf64f4197b9861/web/includes/sb-callback.php#L140
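As an added illustration (not sourcebans-pp's own code): a stripped-down lost-password handler in the vulnerable shape the report describes, next to one that returns the same message whether or not the address is registered. The account table, token store, outbox and the helper names are constructed placeholders for the real lookup, token storage and mailer.

```php
<?php
// Added example, not code from sourcebans-pp. The account table, token
// store and outbox are constructed in memory so the script runs stand-alone.
$ACCOUNTS = ['admin@example.invalid' => ['id' => 1]];   // constructed sample data
$RESET_TOKENS = [];
$OUTBOX = [];

function find_account_by_email(string $email): ?array {
    global $ACCOUNTS;
    return $ACCOUNTS[strtolower($email)] ?? null;
}

function issue_reset_token(int $accountId): string {
    global $RESET_TOKENS;
    $token = bin2hex(random_bytes(32));
    $RESET_TOKENS[$token] = ['id' => $accountId, 'expires' => time() + 3600];
    return $token;
}

function send_reset_mail(string $email, string $token): void {
    global $OUTBOX;
    $OUTBOX[] = ['to' => $email, 'token' => $token]; // stand-in for the real mailer
}

// Vulnerable shape (CWE-204): the message tells the caller whether the
// address exists, so the endpoint can be used to enumerate accounts.
function lost_password_vulnerable(string $email): string {
    $account = find_account_by_email($email);
    if ($account === null) {
        return 'The email address you supplied is not registered on the system';
    }
    send_reset_mail($email, issue_reset_token($account['id']));
    return 'A password reset link has been sent to your email address';
}

// Hardened shape: identical response either way; the reset mail is only
// produced when the address is actually registered. Do the lookup and
// mailing off the request path (queue) if response timing must also match.
function lost_password_hardened(string $email): string {
    $account = find_account_by_email($email);
    if ($account !== null) {
        send_reset_mail($email, issue_reset_token($account['id']));
    }
    return 'If that address is registered, a password reset link has been sent';
}

foreach (['admin@example.invalid', 'nobody@example.invalid'] as $e) {
    echo "vulnerable: " . lost_password_vulnerable($e) . PHP_EOL;
    echo "hardened:   " . lost_password_hardened($e) . PHP_EOL;
}
```

Because the report notes the ajax callback stays reachable when "Normal Login" is disabled, whatever gate the form page applies belongs in the handler itself, not only in the page that renders the form.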
Thanks for the report, @Hackmastr will review it asap to get it merged.