Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
security: Username Discoverability
This mitigates a vulnerability reported by haxtron on
[huntr.dev](https://huntr.dev/) where usernames can be discovered by the
message returned when a username is invalid. This makes it to where
regardless of if the username is correct or not it will display a message
stating `If the information provided is valid a password reset email will be
sent to the email address you have on file.`. This blocks the chance of
someone finding a valid username by brute force guessing.
  • Loading branch information
JediKev committed Oct 7, 2021
1 parent e282910 commit 86165c2
Show file tree
Hide file tree
Showing 4 changed files with 5 additions and 6 deletions.
2 changes: 1 addition & 1 deletion include/client/pwreset.sent.php
Expand Up @@ -5,7 +5,7 @@

<form action="pwreset.php" method="post" id="clientLogin">
<div style="width:50%;display:inline-block"><?php echo __(
'We have sent you a reset email to the email address you have on file for your account. If you do not receive the email or cannot reset your password, please submit a ticket to have your account unlocked.'
'If the information provided is valid a password reset email will be sent to the email address you have on file. If you do not receive the email or have trouble reseting your password, please contact support.'
); ?>
</div>
</form>
2 changes: 1 addition & 1 deletion include/staff/pwreset.sent.php
Expand Up @@ -15,7 +15,7 @@
</a></h1>
<h3><?php echo __('A confirmation email has been sent'); ?></h3>
<h3 style="color:black;"><em><?php echo __(
'A password reset email was sent to the email on file for your account. Follow the link in the email to reset your password.'
'If the information provided is valid a password reset email will be sent to the email address you have on file. Follow the link in the email to reset your password.'
); ?>
</em></h3>

Expand Down
4 changes: 2 additions & 2 deletions pwreset.php
Expand Up @@ -29,8 +29,8 @@
.' '.__('Internal error occurred');
}
else
$banner = sprintf(__('Unable to verify username %s'),
Format::htmlchars($_POST['userid']));
$inc = 'pwreset.sent.php';

break;
case 'reset':
$inc = 'pwreset.login.php';
Expand Down
3 changes: 1 addition & 2 deletions scp/pwreset.php
Expand Up @@ -53,8 +53,7 @@
}
}
else
$msg = sprintf(__('Unable to verify username %s'),
Format::htmlchars($_POST['userid']));
$tpl = 'pwreset.sent.php';
break;
case 'newpasswd':
// TODO: Compare passwords
Expand Down

0 comments on commit 86165c2

Please sign in to comment.