Description
It has been identified that the application is leaking referrer token to third party sites. In this case it was found that the password reset token is being leaked to third party sites which is an issue knowing the fact that it can allow any malicious users to use the token and reset the passwords of the victim.
Steps To Reproduce:-
1. Request a password reset link for a valid account
2. Click on the reset link
3. Before resetting the password, click on the Twitter/Facebook link or any other link in the footer section
4. You will notice the following request in Burp Suite
REQUEST:
GET /tidepool_org HTTP/1.1
Host: twitter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:84.0) Gecko/20100101 Firefox/84.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: close
Referer: https://app.tidepool.org/confirm-password-reset?resetKey=HT1JWC9WiPcablF9qMvpYFjG5lcpaoEz
Upgrade-Insecure-Requests: 1
As you can see in the referrer the reset token is getting leaked to third party sites. So, the person who has complete control over that particular third party site can compromise the user accounts easily.
Severity - (Medium 4 - 6.9)
Weakness - Violation of Secure Design Principles