bypazs/CVE-2023-26984

CVE-2023-26984

Vulnerability Explanation:

An issue in the password reset function of Peppermint v0.2.4 allows attackers to access the emails and passwords of the Tickets page via a crafted request.

Attack Vectors:

The attacker must log in with the user role and reset the password, then intercept the traffic and change the id to that of the admin role or another user. (An attacker can see the email and password of the Tickets page if they create a ticket.) After that, the attacker can log in to the admin account with the new password.

Affected:

Tested on:

  1. Peppermint version 0.2.4 (https://github.com/Peppermint-Lab/peppermint/tree/master)

Steps to attack:

  1. Enter your username and password; the account must have low privileges.
  2. Select View profile, then select Password; intercept the traffic and fill out the new password.
  3. Change the id to the admin id and forward the request.
  4. Now you can log in with the admin account.
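
The root cause described above is a missing ownership check: the server acts on the account id sent in the request instead of the id bound to the authenticated session. The sketch below is an added example, not Peppermint's code; the handler names, the request shape (`body.id`, `body.password`), the session object and the in-memory store are all assumptions made for illustration. It puts the flawed pattern beside a hardened handler.

```javascript
// Added illustration; not Peppermint's code. All names here are hypothetical.

// Constructed in-memory store. It only records which account ids had their
// password changed; a real store would persist a salted KDF hash instead.
function makeStore() {
  const users = new Map([
    [1, { id: 1, role: 'admin' }],
    [2, { id: 2, role: 'user' }],
  ]);
  const changed = [];
  return {
    changed,
    setPassword(id, newPassword) {
      const valid = typeof newPassword === 'string' && newPassword.length > 0;
      if (!users.has(id) || !valid) return false;
      changed.push(id);
      return true;
    },
  };
}

// Assumed shape of the flaw: the target account is whatever id the request
// carries, so the session identity plays no part in the decision.
function resetPasswordVulnerable(store, session, body) {
  if (!session) return { status: 401 };
  return store.setPassword(body.id, body.password) ? { status: 200 } : { status: 400 };
}

// Hardened form: the target is always the authenticated session's user id.
// A client-supplied id that disagrees is rejected, which also gives a
// clear event to log and alert on.
function resetPasswordHardened(store, session, body) {
  if (!session) return { status: 401 };
  if (body.id !== undefined && Number(body.id) !== session.userId) {
    return { status: 403, reason: 'id does not match session' };
  }
  return store.setPassword(session.userId, body.password) ? { status: 200 } : { status: 400 };
}
```

A 403 from the hardened handler means an authenticated user submitted someone else's id, so it is worth recording with the session's user id and the requested id.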

Discoverer:

:shipit: Thapanarath Khempetch

Disclosure Timeline:

  • 2023-02-25: Vulnerability discovered.
  • 2023-02-26: Vulnerability reported to the MITRE corporation.
  • 2023-03-29: CVE has been reserved.
  • 2023-03-29: Public disclosure of the vulnerability.

Reference:

  1. https://github.com/Peppermint-Lab/peppermint/tree/master

  2. https://peppermint.sh/
