
An issue in the password reset function of Peppermint v0.2.4 allows attackers to access the emails and passwords of the Tickets page via a crafted request.


bypazs/CVE-2023-26984

CVE-2023-26984

Vulnerability Explanation:

An issue in the password reset function of Peppermint v0.2.4 allows attackers to access the emails and passwords of the Tickets page via a crafted request.

Attack Vectors:

The attacker logs in with a user-role account and resets the password, then intercepts the traffic and changes the id to that of the admin role or another user. (An attacker can see the email and password of the Tickets page if they create a ticket.) After that, the attacker can log in to the admin account with the new password.

Affected:

Tested on:

  1. Peppermint version 0.2.4 (https://github.com/Peppermint-Lab/peppermint/tree/master)

Steps to attack:

  1. Log in with your username and password; the account must have low privileges.
  2. Select View profile, then Password; intercept the traffic and fill out the new password.
  3. Change the id to the admin id and forward the request.
  4. Now you can log in with the admin account.
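
The steps above work because the server acts on the id sent in the request rather than on the logged-in session. The sketch below is an added example, not Peppermint's code or the discoverer's: it contrasts that flawed pattern with a hardened handler. The in-memory store, session shape and function names are assumptions, and re-checking the current password is an extra hardening step beyond the id check.

```javascript
// Added illustration, not Peppermint's source. The store, session shape and
// function names are assumptions; the sample accounts are constructed.
const crypto = require("node:crypto");

function hashPassword(pw, salt = crypto.randomBytes(16)) {
  const key = crypto.scryptSync(pw, salt, 32);
  return `${salt.toString("hex")}:${key.toString("hex")}`;
}

function verifyPassword(pw, stored) {
  const [saltHex, keyHex] = stored.split(":");
  const key = crypto.scryptSync(pw, Buffer.from(saltHex, "hex"), 32);
  return crypto.timingSafeEqual(key, Buffer.from(keyHex, "hex"));
}

function makeStore() {
  return new Map([
    [1, { id: 1, role: "admin", passwordHash: hashPassword("admin-old") }],
    [2, { id: 2, role: "user", passwordHash: hashPassword("user-old") }],
  ]);
}

// Flawed pattern: any logged-in session may name the account to update,
// because the target is looked up from the client-supplied body.id.
function changePasswordUnsafe(store, session, body) {
  const target = store.get(body.id);
  if (!session || !target) return { status: 401 };
  target.passwordHash = hashPassword(body.password);
  return { status: 200 };
}

// Hardened pattern: the target is the session's own account, a body.id that
// names someone else is refused (and worth logging), and the current
// password is re-checked before the change.
function changePasswordSafe(store, session, body) {
  const user = session ? store.get(session.userId) : undefined;
  if (!user) return { status: 401 };
  if (body.id !== undefined && body.id !== user.id) {
    return { status: 403, reason: "id does not match session" };
  }
  if (!verifyPassword(String(body.currentPassword ?? ""), user.passwordHash)) {
    return { status: 403, reason: "current password incorrect" };
  }
  user.passwordHash = hashPassword(body.password);
  return { status: 200 };
}
```

A 403 with the "id does not match session" reason is a useful signal to log and alert on, since a legitimate client never sends another account's id.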

Discoverer:

Thapanarath Khempetch

Disclosure Timeline:

  • 2023-02-25: Vulnerability discovered.
  • 2023-02-26: Vulnerability reported to the MITRE Corporation.
  • 2023-03-29: CVE has been reserved.
  • 2023-03-29: Public disclosure of the vulnerability.

Reference:

  1. https://github.com/Peppermint-Lab/peppermint/tree/master

  2. https://peppermint.sh/
