Vulnerability spam from Amazon
Posted by Dave Yadallee on
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Mon, 01 Aug 2022 14:39:00 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))
(envelope-from)
id 1oIcBi-00071u-Uq
for dave@doctor.nl2k.ab.ca;
Mon, 01 Aug 2022 14:38:54 -0600
Resent-From: The Doctor
Resent-Date: Mon, 1 Aug 2022 14:38:54 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from e226-9.smtp-out.us-east-2.amazonses.com ([23.251.226.9]:48271)
by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
(Exim 4.95 (FreeBSD))
(envelope-from <010f01825a0cd5f5-a59725de-90cb-4078-be30-a60e0af58943-000000@us-east-2.amazonses.com>)
id 1oIXT7-0001y2-2E
for doctor@nk.ca;
Mon, 01 Aug 2022 09:36:38 -0600
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple;
s=ndjes4mrtuzus6qxu3frw3ubo3gpjndv; d=amazonses.com; t=1659368166;
h=Subject:From:To:Reply-To:List-Unsubscribe:List-Unsubscribe-Post:List-Id:Feedback-ID:Message-ID:MIME-Version:Date:Content-Type;
bh=Zj4vMzzTo8ILw2ATxWXbul4D+1i0/Hnif7WvHA+Q5CE=;
b=Weu+N1XX79HuVqMmI+6OEyPc11LiQOH+pHo5BnxaZ25uRTi82RpfNO2lJ8qSO3L0
6zzRUxL7fH2tvQAQJoBGcXX3HYE3eiLYA3h57U47LacxpE5s0xJF2TA9ULOlaJVZRhi
FrnT7UX9WtQfg79mZm/+hwXo8GgC/VBWrQKCFaF8=
Subject: { Bug Report } Vulnerability - Failure to invalidate session on
forget password link
From: Claire Ashton
To: "doctor@nk.ca"
Reply-To: Claire Ashton
List-Unsubscribe:,
Subscriber-Uid:om199trscnc1a - Unsubscribe request&body=Please unsubscribe
me!>
List-Unsubscribe-Post: List-Unsubscribe=One-Click
List-Id: ze9586d69hb79
X-Report-Abuse: https://email.offensiveguards.io/latest/campaigns/sw152ng3xha7e/report-abuse/ze9586d69hb79/om199trscnc1a
X-EBS: https://email.offensiveguards.io/latest/lists/block-address
Feedback-ID: 1.us-east-2.BpxGxN9WUJ3M/MMsQjRMRMl6wUvhP63pKB5BthJ+hhA=:AmazonSES
Message-ID: <010f01825a0cd5f5-a59725de-90cb-4078-be30-a60e0af58943-000000@us-east-2.amazonses.com>
MIME-Version: 1.0
Date: Mon, 1 Aug 2022 15:36:06 +0000
Content-Type: multipart/alternative; boundary=UvMZjECZ
X-SES-Outgoing: 2022.08.01-23.251.226.9
--UvMZjECZ
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Hello doctor,
I hope you are well, as an independent security researcher I have found some bugs/vulnerabilities in your website.
VULNERABILITY: Failure to invalidate session on forget password
I have observed that when we request a forgot password link it updates the session instead of expiration. If an account is logged in some account and the password reset link is used the other account will get updated but not expired.
STEPS TO REPRODUCE:
1. Request a forgot password link.
2. Now login in another browser and then use the password reset link in another browser.
3. You will notice that the password will be changed successfully and the other browser will still be active with the account you opened in it.
IMPACT:
If some account is logged in in some browser it will not be logged out from that browser and will be logged in and can be used for malicious activities.
RECOMMENDATIONS:
It should expire immediately when the password is changed.
Regards.
OffensiveGuards
5400 N Lakewood Ave
Chicago
If you want this vulnerability to be published on our blog for educational purposes, then unsubscribe [https://email.offensiveguards.io/latest/campaigns/sw152ng3xha7e/track-url/om199trscnc1a/b49a449cfdbcc030f109bef0a96a7f7cfab9503e] or reply back to this email thank you.
--UvMZjECZ--
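The behaviour the message describes and the fix it recommends, as an added example that is not part of the original message and is not code from any site it refers to: a toy in-memory account service in which `revoke_on_reset=False` leaves the other browser's session alive after a password reset and `revoke_on_reset=True` drops every session for that user. All class, method and account names are hypothetical.

```python
import hashlib, hmac, secrets

class AccountService:
    """In-memory model of accounts, sessions and reset tokens (illustrative only)."""
    def __init__(self, revoke_on_reset=True):
        self.revoke_on_reset = revoke_on_reset
        self.passwords = {}      # user -> (salt, derived key)
        self.sessions = {}       # session id -> user
        self.reset_tokens = {}   # sha256(token) -> user

    def _hash(self, password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def set_password(self, user, password):
        salt = secrets.token_bytes(16)
        self.passwords[user] = (salt, self._hash(password, salt))

    def login(self, user, password):
        salt, stored = self.passwords[user]
        if not hmac.compare_digest(stored, self._hash(password, salt)):
            return None
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = user
        return sid

    def request_reset(self, user):
        token = secrets.token_urlsafe(32)
        # Store only a digest so a leaked table does not yield usable links.
        self.reset_tokens[hashlib.sha256(token.encode()).hexdigest()] = user
        return token

    def reset_password(self, token, new_password):
        user = self.reset_tokens.pop(hashlib.sha256(token.encode()).hexdigest(), None)
        if user is None:
            return False          # unknown or already used token
        self.set_password(user, new_password)
        if self.revoke_on_reset:
            # Drop every session bound to this user, including other browsers.
            for sid in [s for s, u in self.sessions.items() if u == user]:
                del self.sessions[sid]
        return True

def other_browser_survives_reset(revoke_on_reset):
    svc = AccountService(revoke_on_reset)
    svc.set_password("alice", "old-password")   # constructed sample account
    token = svc.request_reset("alice")           # step 1: request the link
    sid = svc.login("alice", "old-password")     # step 2: other browser logs in
    svc.reset_password(token, "new-password")    # step 2: reset link is used
    return sid in svc.sessions                   # step 3: is that session alive?
```

A session store that cannot enumerate sessions by user can get the same effect by stamping each session with a per-user credential version and rejecting sessions whose stamp is older than the current one.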