Open Bug 1768149 Opened 3 years ago Updated 3 years ago

OAuth Misconfiguration Leads to Pre Account Takeover

Categories

(Pocket :: getpocket.com, defect)

defect

Tracking

(Not tracked)

UNCONFIRMED

People

(Reporter: 2001xroneil, Assigned: support)

Details

Attachments

(1 file)

Attached video GETPOCKET POC.mp4

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Steps to reproduce:

Steps:

  1. Open Mozilla.
  2. Go to https://getpocket.com/.
  3. Sign up using a mail id.
  4. After signing up or creating an account, log out.
  5. Then sign in using Gmail with the same mail id that was used to sign up for the account.
    It automatically logs in to the account; it doesn't say that your account is already registered on our server.
    If you try it on another website you will not be allowed to log in, because an account has already been registered with that email id.

Actual results:

Description: An OAuth-based vulnerability is when the configuration of the OAuth service itself enables attackers to steal authorization associated with other users' accounts. There's a limitation that requires a validated email before going through the OAuth flow; however, this is bypassable. Bypassing this behaviour can frequently lead to account takeover. Either don't let the user enter with OAuth when there's already another account created with the same email, or let the user enter. So the impact is that it does not authenticate the real user; attackers can easily take over the account.
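The report describes an account-linking decision: a "sign in with Google" identity is accepted for an account that was registered with e-mail and password, purely because the e-mail addresses match. The following is an added example (not Pocket's code, and not supplied by the reporter) that models that weak decision beside the hardened one most services use: the identity provider's e-mail must be marked verified, and an existing account is only entered via OAuth if it was explicitly linked to that provider beforehand; otherwise the user is sent to sign in with the original credential and link the provider from account settings. All users, provider names and function names here are constructed for illustration.

```python
"""Account-linking logic for an OAuth 'sign in with <provider>' flow.

Added example, not Pocket's code. It models the behaviour described in the
report (an OAuth identity logs into an existing password account because the
e-mail addresses match) beside a hardened version. Every user, provider and
function name below is constructed for illustration.
"""
from dataclasses import dataclass, field


@dataclass
class User:
    email: str
    password_account: bool                   # created with e-mail + password
    linked_providers: set = field(default_factory=set)  # e.g. {"google"}


@dataclass
class OAuthIdentity:
    provider: str
    email: str
    email_verified: bool                     # claim asserted by the identity provider


# Constructed user database: one password-only account that never linked a
# provider, and one that explicitly linked "google" from account settings.
USERS = {
    "victim@example.com": User("victim@example.com", password_account=True),
    "linked@example.com": User("linked@example.com", password_account=True,
                               linked_providers={"google"}),
}


def login_oauth_weak(identity: OAuthIdentity) -> str:
    """The behaviour the report describes: any OAuth identity whose e-mail
    matches an existing account is logged straight into that account, with
    no check that the account owner ever authorised this provider."""
    user = USERS.get(identity.email.lower())
    if user is None:
        return "created"          # new account provisioned from the identity
    return "logged_in"            # existing account, no ownership check at all


def login_oauth_hardened(identity: OAuthIdentity) -> str:
    """Hardened decision: an OAuth identity only enters an existing account if
    that account has already been explicitly linked to this provider. An
    unlinked e-mail match is refused; the user must sign in with the original
    credential and link the provider from inside the authenticated session."""
    if not identity.email_verified:
        return "rejected_unverified_email"   # never trust an unverified IdP claim
    user = USERS.get(identity.email.lower())
    if user is None:
        return "created"
    if identity.provider in user.linked_providers:
        return "logged_in"
    # Existing account that never linked this provider: do not silently merge.
    return "link_required"


if __name__ == "__main__":
    google_victim = OAuthIdentity("google", "victim@example.com", email_verified=True)
    print("weak:    ", login_oauth_weak(google_victim))       # logged_in
    print("hardened:", login_oauth_hardened(google_victim))   # link_required
```

The hardened path also normalises the e-mail before lookup so that case differences cannot produce two accounts for one address, and it refuses identities whose `email_verified` claim is false, since an attacker-controlled identity provider account with an unverified address is the usual way an e-mail match is forged.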
