Bug on Megneto can restrict User to Login to Account | Writeup by Vishwa Raj
Labels:
Megneto,
POC,
Video Tutorials,
Vishwa Raj
Hello friends, Today we gonna post POC of a bug on Megneto which allows User to restrict to login to their accounts.
This bug has been submitted to Pentesting Lab by Viswa Raj.
Issue :
In this when a user request for a password reset then a unique password is being sended to the user’s gmail and the application won’t allow the user to login until the password at the mail is not being given because application is resetting he password automatically without asking the user permissions
Impact :
Attacker can abuse this functionality easily by requesting a password reset and restrict the user to login his own account for hour’s until user don’t know that the password is at their mail .
Explained Further :
So the attacker will create an easy script in python
to launch a password reset request on the behalf of user’s just via email [Since magento is also vulnerable to user enumeration bug in which i was able to extract the existing user’s into the magento due to improper rate limiting ] so attacker will be giving problem’s to your existing customers and if the same code is used in enterprise magento then it will effect it too .
PS : This bug has been already reported to megneto and unfortunately the denied this bug.
You can see the reply from them..
Video POC :
This bug has been submitted to Pentesting Lab by Viswa Raj.
Issue :
In this when a user request for a password reset then a unique password is being sended to the user’s gmail and the application won’t allow the user to login until the password at the mail is not being given because application is resetting he password automatically without asking the user permissions
Impact :
Attacker can abuse this functionality easily by requesting a password reset and restrict the user to login his own account for hour’s until user don’t know that the password is at their mail .
Explained Further :
So the attacker will create an easy script in python
to launch a password reset request on the behalf of user’s just via email [Since magento is also vulnerable to user enumeration bug in which i was able to extract the existing user’s into the magento due to improper rate limiting ] so attacker will be giving problem’s to your existing customers and if the same code is used in enterprise magento then it will effect it too .
PS : This bug has been already reported to megneto and unfortunately the denied this bug.
You can see the reply from them..
Video POC :
Subscribe to:
Post Comments (Atom)
1 comments:
'Menneto' literally never exists.
Post a Comment