Predictable password reset token may lead to account takeover

High
ar2rsawseen published GHSA-98vh-wqw5-p23v May 17, 2022

Package

countly-server (Custom installation)

Affected versions

< 22.03.7, < 21.11.4

Patched versions

>= 22.03.7, >= 21.11.4

Description

Impact

If a malicious actor knows the account's email address/username and the full name stored in the database, the chances of guessing the password reset token increase drastically. Resetting the password with a guessed token then allows an account takeover.

Patches

The problem has been patched in Countly Server version 22.03.7 for new UI servers, and in 21.11.4 for old UI servers.

Workarounds

Here is the committed fix: 2bfa1ee

For more information

If you have any questions or comments about this advisory:

Severity

High

CVE ID

CVE-2022-29174

Weaknesses

No CWEs

Credits