request #12219 Reset passord links are not invalidated on password change

Artifact

Infos

Artifact ID#12219

Submitted byThomas Gerbet (tgerbet)

Last Modified On2018-09-21 21:07

Submitted on2018-09-03 09:47

Rank12890

Details

Summary *

Reset passord links are not invalidated on password change

Original Submission

Reset password links are not invalidated after a user changes its password.

Impact

This issue could allow an attacker to persist access to a compromised user account.
CVSSv3 score: 3.8 (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N)

Exploitation

A user got its account compromised, the attacker change the mail address and ask for a reset link
The user recovers the account and changes the password. The user now thinks its account is safe.
The attacker can use the reset link previously generated to change the password again and compromise the account again.

Credits

Thank you to Swapnil Jain for finding and reporting this issue.

References

CVE-2018-17298

CWE 640

CategoryAuthentication & LDAP

Reported in versionAll

PlatformEmpty

Is an Enhancement or an internal improvement?

[ ] enhancement
[ ] internal improvement

CC listEmpty

Stage

Assigned toEmpty

StatusClosed

Close date2018-09-04

Attachments

Connected artifacts

Artifact links

Releases

Fixed in

	Artifact ID	Project	Tracker	Summary	Status	Last Update Date	Submitted By	Assigned to
	rel #11901	Tuleap	Releases	10.5	Delivered	2018-09-14 15:21	Manuel Vacelet (vaceletm)

Reverse artifact links

Empty

AttachmentsEmpty

References

Cross references

Referencing request #12219

Git commit

tuleap/tuleap/stable

Merge commit 'refs/changes/37/12537/2' of ssh://gerrit.tuleap.net:29418/tuleap into HEAD b87d3b807f

Nicolas Terray (nterray) , 2018-09-04 11:58

request #12219: Reset passord links are not invalidated on password change 4050b0aafd

Thomas Gerbet (tgerbet) , 2018-09-03 14:37

Show items referenced by request #12219

Referenced by request #12219

Artifact Tracker v5

rel #11901 10.5

Other

gerrit #12537

Follow-ups

Thomas Gerbet (tgerbet)

2018-09-21 21:07

Adding CVE ID.

Original Submission

Something went wrong, the follow up content couldn't be loaded

Only formatting have been changed, you should switch to markup to see the changes

Thomas Gerbet (tgerbet)

2018-09-17 08:45

Public disclosure.

Nicolas Terray (nterray)

2018-09-04 11:58

gerrit #12537 integrated into Tuleap 10.4.99.161

Status changed from Under review to Closed
Connected artifacts
- Added Fixed in: rel #11901
Close date set to 2018-09-04

Thomas Gerbet (tgerbet)

2018-09-03 11:38

A patch is under review: gerrit #12537.

Original Submission

Something went wrong, the follow up content couldn't be loaded

Only formatting have been changed, you should switch to markup to see the changes
Status changed from Under implementation to Under review