Vulnerability spam from Amazon
Posted by Dave Yadallee on
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Mon, 01 Aug 2022 14:39:00 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))
(envelope-from)
id 1oIcBi-00071u-Uq
for dave@doctor.nl2k.ab.ca;
Mon, 01 Aug 2022 14:38:54 -0600
Resent-From: The Doctor
Resent-Date: Mon, 1 Aug 2022 14:38:54 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from e226-9.smtp-out.us-east-2.amazonses.com ([23.251.226.9]:48271)
by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
(Exim 4.95 (FreeBSD))
(envelope-from <010f01825a0cd5f5-a59725de-90cb-4078-be30-a60e0af58943-000000@us-east-2.amazonses.com>)
id 1oIXT7-0001y2-2E
for doctor@nk.ca;
Mon, 01 Aug 2022 09:36:38 -0600
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple;
s=ndjes4mrtuzus6qxu3frw3ubo3gpjndv; d=amazonses.com; t=1659368166;
h=Subject:From:To:Reply-To:List-Unsubscribe:List-Unsubscribe-Post:List-Id:Feedback-ID:Message-ID:MIME-Version:Date:Content-Type;
bh=Zj4vMzzTo8ILw2ATxWXbul4D+1i0/Hnif7WvHA+Q5CE=;
b=Weu+N1XX79HuVqMmI+6OEyPc11LiQOH+pHo5BnxaZ25uRTi82RpfNO2lJ8qSO3L0
6zzRUxL7fH2tvQAQJoBGcXX3HYE3eiLYA3h57U47LacxpE5s0xJF2TA9ULOlaJVZRhi
FrnT7UX9WtQfg79mZm/+hwXo8GgC/VBWrQKCFaF8=
Subject: { Bug Report } Vulnerability - Failure to invalidate session on
forget password link
From: Claire Ashton
To: "doctor@nk.ca"
Reply-To: Claire Ashton
List-Unsubscribe:,
Subscriber-Uid:om199trscnc1a - Unsubscribe request&body=Please unsubscribe
me!>
List-Unsubscribe-Post: List-Unsubscribe=One-Click
List-Id: ze9586d69hb79
X-Report-Abuse: https://email.offensiveguards.io/latest/campaigns/sw152ng3xha7e/report-abuse/ze9586d69hb79/om199trscnc1a
X-EBS: https://email.offensiveguards.io/latest/lists/block-address
Feedback-ID: 1.us-east-2.BpxGxN9WUJ3M/MMsQjRMRMl6wUvhP63pKB5BthJ+hhA=:AmazonSES
Message-ID: <010f01825a0cd5f5-a59725de-90cb-4078-be30-a60e0af58943-000000@us-east-2.amazonses.com>
MIME-Version: 1.0
Date: Mon, 1 Aug 2022 15:36:06 +0000
Content-Type: multipart/alternative; boundary=UvMZjECZ
X-SES-Outgoing: 2022.08.01-23.251.226.9
--UvMZjECZ
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Hello doctor,
I Hope you are well, as an=C2=A0independent security res=
earcher I have
found some bugs/vulnerabilities in your website.
VULN=
ERABILITY:=C2=A0Failure to invalidate session on forget password
I hav=
e observed that when we=C2=A0request=C2=A0a forgot password link it
updat=
es the session instead of=C2=A0expiration. If an account=C2=A0is
logged=
=C2=A0in some account and the password reset link=C2=A0is used=C2=A0the
o=
ther account will get updated but not expired.
STEPS TO REPRODUCE:
=
1. Request a forgot password link.
2. Now login in another browser and=
then use the password reset link
in another browser.
3. You will notic=
e that the password=C2=A0will be changed=C2=A0successfully
and the other =
browser will still be active with the account you opened
in it.
IMPA=
CT:
If some account=C2=A0is logged=C2=A0in in=C2=A0some browser it=
=C2=A0will not
be=C2=A0logged out from that browser and=C2=A0will be logg=
ed=C2=A0in and=C2=A0can
be=C2=A0used for malicious activities.
RECOM=
MENDATIONS:
It should expire immediately when the password=C2=A0is cha=
nged.
Regards.
OffensiveGuards
5400 N Lakewood Ave
Chicago
=
If you want this vulnerability to be published on our blog for
educact=
ional purposes, then unsubscribe
[https://email.offensiveguards.io/latest=
/campaigns/sw152ng3xha7e/track-url/om199trscnc1a/b49a449cfdbcc030f109bef0a9=
6a7f7cfab9503e]
or reply back to this email thank you.
--UvMZjECZ
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: quoted-printable
=09{ Bug Report } Vulnerability - Failure to invalidate session on f=
orget password link
Hello doctor,
I Hope you are well, as an=C2=A0independent security researcher I have foun=
d some bugs/vulnerabilities in your website.
Vulnerability:=C2=A0Failure to invalidate session on forge=
t password
I have observed that when we=C2=A0request=C2=A0a forgot password link it up=
dates the session instead of=C2=A0expiration. If an account=C2=A0is logged=
=C2=A0in some account and the password reset link=C2=A0is used=C2=A0the oth=
er account will get updated but not expired.
Steps to reproduce:
1. Request a forgot password link.
2. Now login in another browser and then use the password reset link in ano=
ther browser.
3. You will notice that the password=C2=A0will be changed=C2=A0successfully=
and the other browser will still be active with the account you opened in =
it.
Impact:
If some account=C2=A0is logged=C2=A0in in=C2=A0some browser it=C2=A0will no=
t be=C2=A0logged out from that browser and=C2=A0will be logged=C2=A0in and=
=C2=A0can be=C2=A0used for malicious activities.
Recommendations:
It should expire immediately when the password=C2=A0is changed.
Regards.
OffensiveGuards
5400 N Lakewood Ave
Chicago
If you want this vulnerability to be published on our blog for educactional=
purposes, then
l.offensiveguards.io/latest/campaigns/sw152ng3xha7e/track-url/om199trscnc1a=
/b49a449cfdbcc030f109bef0a96a7f7cfab9503e">unsubscribe or reply back to=
this email thank you.
s://email.offensiveguards.io/latest/campaigns/sw152ng3xha7e/track-opening/o=
m199trscnc1a" alt=3D"" />
--UvMZjECZ--
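The behaviour the report describes and the fix it recommends, as an added example that is not part of the e-mail or of any site's code. `SessionStore`, `session_survives_reset` and the sample account are hypothetical names, and the reset-link token is assumed to have been verified before `complete_password_reset` is called.

```python
import hashlib
import secrets


class SessionStore:
    """In-memory session store (constructed for illustration)."""

    def __init__(self, revoke_on_password_change=True):
        self.revoke_on_password_change = revoke_on_password_change
        self._password_hash = {}   # user -> (salt, derived key)
        self._sessions = {}        # session id -> user

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def set_password(self, user, password):
        salt = secrets.token_bytes(16)
        self._password_hash[user] = (salt, self._hash(password, salt))

    def login(self, user, password):
        salt, expected = self._password_hash[user]
        if not secrets.compare_digest(self._hash(password, salt), expected):
            return None
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = user
        return sid

    def is_active(self, sid):
        return sid in self._sessions

    def complete_password_reset(self, user, new_password):
        """Assumes the reset-link token was already verified (not shown)."""
        self.set_password(user, new_password)
        if self.revoke_on_password_change:
            # Drop every session issued to this user before the change,
            # in every browser, so a stolen or forgotten session dies too.
            for sid in [s for s, u in self._sessions.items() if u == user]:
                del self._sessions[sid]


def session_survives_reset(revoke):
    """Replay the e-mail's steps; True means the old session still works."""
    store = SessionStore(revoke_on_password_change=revoke)
    store.set_password("alice", "old-password")       # constructed sample account
    browser_a = store.login("alice", "old-password")  # logged in on another browser
    store.complete_password_reset("alice", "new-password")  # reset link used
    return store.is_active(browser_a)
```

Running the same check against a real login flow (old session cookie rejected after a reset) is a quick way to decide whether a report like this one applies at all.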