Password reset token leaking to github #376

Closed
degeri opened this issue May 10, 2019 · 0 comments

@degeri (Contributor) commented May 10, 2019

While on the reset password page, if the user clicks on the "The source code is available at GitHub" button, the request to github.com leaks the full URL in the referrer. This is benign in most cases. But on this page it exposes the secret password reset link.

This has a very low impact:

  1. It is leaking to github.com; the chances of an attack from github.com are small.

  2. Requires the user to do an unlikely action.

  3. The reset link will expire in an hour or after the user resets the password.

  4. With the reset link an attacker will not be able to determine the user's email ID.

This vulnerability has been reported through the Bug bounty program.

@degeri referenced this issue May 10, 2019: Referrer fix #377 (Merged)

@dajohi closed this in #377 May 15, 2019
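The referrer behaviour reported above, as an added example that is not part of the issue or of the fix in #377: it computes the `Referer` value a browser would send for each standard `Referrer-Policy` value and lists the policies under which a token in the page URL reaches the linked site. The page URL, token, and repository URL are constructed placeholders, and "potentially trustworthy" is simplified to "scheme is https".

```javascript
// Added example: which Referer a browser sends, per the W3C Referrer Policy rules.
// Simplification (assumption): "potentially trustworthy" is treated as scheme https.
const POLICIES = [
  "no-referrer", "no-referrer-when-downgrade", "same-origin", "origin",
  "strict-origin", "origin-when-cross-origin",
  "strict-origin-when-cross-origin", "unsafe-url",
];

function computeReferrer(pageUrl, destUrl, policy) {
  const page = new URL(pageUrl);
  const dest = new URL(destUrl);
  // Browsers strip the fragment and any credentials before sending.
  page.hash = "";
  page.username = "";
  page.password = "";
  const full = page.href;                 // path and query string included
  const originOnly = page.origin + "/";   // scheme, host and port only
  const sameOrigin = page.origin === dest.origin;
  const downgrade = page.protocol === "https:" && dest.protocol !== "https:";

  switch (policy) {
    case "no-referrer": return null;
    case "unsafe-url": return full;
    case "origin": return originOnly;
    case "same-origin": return sameOrigin ? full : null;
    case "strict-origin": return downgrade ? null : originOnly;
    case "origin-when-cross-origin": return sameOrigin ? full : originOnly;
    case "strict-origin-when-cross-origin":
      if (sameOrigin) return full;
      return downgrade ? null : originOnly;
    case "no-referrer-when-downgrade": return downgrade ? null : full;
    default: throw new Error("unknown referrer policy: " + policy);
  }
}

// Policies under which `secret` would reach the destination site.
function policiesThatLeak(pageUrl, destUrl, secret) {
  return POLICIES.filter((p) => {
    const ref = computeReferrer(pageUrl, destUrl, p);
    return ref !== null && ref.includes(secret);
  });
}

// Constructed sample values, not taken from the project.
const TOKEN = "CONSTRUCTED-TOKEN-0000";
const RESET_PAGE = `https://app.example.test/reset-password?token=${TOKEN}`;
const OUTBOUND = "https://github.com/example-org/example-repo";
console.log(policiesThatLeak(RESET_PAGE, OUTBOUND, TOKEN));
```

Only `no-referrer-when-downgrade` and `unsafe-url` pass the token to a cross-origin HTTPS link; every other policy sends at most the origin.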
