Bookwyrm 0.4.3 Authentication Bypass

2022.09.20

Credit: Akshay Ravi

Risk: Medium

Local: No

Remote: Yes

CVE: CVE-2022-2651

CWE: CWE-305

# Exploit Title: Bookwyrm v0.4.3 - Authentication Bypass
# Date: 2022-08-4
# Exploit Author: Akshay Ravi
# Vendor Homepage: https://github.com/bookwyrm-social/bookwyrm
# Software Link: https://github.com/bookwyrm-social/bookwyrm/releases/tag/v0.4.3
# Version: <= 4.0.3
# Tested on: MacOS Monterey
# CVE: CVE-2022-2651
# Original Report Link: https://huntr.dev/bounties/428eee94-f1a0-45d0-9e25-318641115550/
Description: Email Verification Bypass Leads To Account Takeover in bookwyrm-social/bookwyrm v0.4.3 Due To Lack Of Ratelimit Protection
# Steps to reproduce:
1. Create a acount with victims email id
2. When the account is created, its ask for email confirmation via validating OTP
Endpoint: https://site/confirm-email
3. Enter any random OTP and try to perfrom bruteforce attack and if otp matches, We can takeover that account

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Bookwyrm 0.4.3 Authentication Bypass

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.