OpenFlights active debug code in password resetting

Summary

Active debug code in help/resetpw.php allows remote attackers to get the password reset link (which contains the password hash in the current implementation) via the unittest POST parameter.

Details

openflights/help/resetpw.php

Lines 71 to 74 in f53e452

    
           if (isset($_POST["unittest"])) { 
        
               echo $link . "***" .  $row['challenge']; 
        
               exit(0); 
        
           }

PoC

Send form data email=jpatokal%40iki.fi&unittest=true to https://openflights.org/help/resetpw.php.

Impact

Remote attackers can reset passwords and thus get control of user accounts, but the email of the user must be known in advance.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

OpenFlights active debug code in password resetting

Package

Affected versions

Patched versions

Description

Summary

Details

PoC

Impact

Severity

CVSS overall score

CVSS v3 base metrics

CVSS v3 base metrics

CVE ID

Weaknesses

Credits

	if (isset($_POST["unittest"])) {
	echo $link . "***" . $row['challenge'];
	exit(0);
	}