Sensitive Data Exposure or Password Disclosure in H1C Private site



Hello Friends,

Recently, I found a critical bug in a private site that discloses all sensitive data or information of users.





The bug exists in the forgot password page. I just entered my email in the forgot password page and tried to reset the password, and the site disclosed all information of my account in the response. While resetting, I just intercepted the request through Burp, sent it to Repeater, changed my email to any registered user's email and clicked on 'Go'. In the response, the site discloses sensitive user information like phone number etc. along with the password as a SHA-256 hash.
After cracking the hash, an attacker gets the password.
Also, we don't need to crack the password hash; we can directly use the password hash by modifying the requests.
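
An added example, not code from the original post or the affected site: a forgot-password handler that echoes the account record, as described above, beside a hardened one that returns the same generic body for every address and delivers the reset token only by mail, plus a regression check for leaked fields. The user store, field names and function names are assumptions.

```python
import hashlib
import json
import secrets
import time

# Constructed sample user store; field names are assumptions, not the site's schema.
USERS = {
    "alice@example.com": {
        "email": "alice@example.com",
        "phone": "+1-555-0100",
        "password_sha256": hashlib.sha256(b"constructed-sample").hexdigest(),
    }
}
RESET_TOKENS = {}   # sha256(token) -> (email, expiry in epoch seconds)
OUTBOX = []         # stand-in for the mail system: (recipient, token)
GENERIC_BODY = {"message": "If the address is registered, a reset link has been sent."}


def forgot_password_vulnerable(email):
    """The flaw described above: the account record is serialized into the response."""
    user = USERS.get(email)
    if user is None:
        return 404, json.dumps({"error": "unknown email"})
    return 200, json.dumps({"message": "reset mail sent", "user": user})


def forgot_password_hardened(email, ttl=900):
    """Same status and body for every email; the token goes only to the mailbox owner."""
    if email in USERS:
        token = secrets.token_urlsafe(32)
        digest = hashlib.sha256(token.encode()).hexdigest()
        RESET_TOKENS[digest] = (email, time.time() + ttl)  # store the hash, not the token
        OUTBOX.append((email, token))
    return 200, json.dumps(GENERIC_BODY)


def leaked_fields(body, email):
    """Regression check: which stored values of this account appear in a response body?"""
    record = USERS.get(email, {})
    return sorted(k for k, v in record.items() if k != "email" and v in body)


if __name__ == "__main__":
    for handler in (forgot_password_vulnerable, forgot_password_hardened):
        status, body = handler("alice@example.com")
        print(handler.__name__, status, leaked_fields(body, "alice@example.com"))
```

Running `leaked_fields` against every unauthenticated endpoint's response in a test suite catches this class of disclosure before release.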

 



Conclusion:

Always check the forgot password page or forgot password functionality for vulnerabilities. You'll get the idea.

 
Thanks for reading.
