
GHSA-2hp9-3xfr-r9w2: Insufficient token expiration in Serenity

An issue was discovered in Serenity Serene (and StartSharp) before 6.7.0. Password reset links are sent by email. A link contains a token that is used to reset the password. This token remains valid even after the password reset and can be used a second time to change the password of the corresponding user. The token expires only 3 hours after issuance and is sent as a query parameter when resetting. An attacker with access to the browser history can thus use the token again to change the password in order to take over the account.
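The flaw described above is a reset token that stays valid after it has been used once. The following C# example shows a token store that consumes a token on first use and enforces a short lifetime; it is added here and is not Serenity's code or its 6.7.0 fix, and `ResetTokenStore`, its members, the user name and the 15-minute lifetime are assumptions made for illustration.

```csharp
using System;
using System.Collections.Concurrent;
using System.Security.Cryptography;
using System.Text;

// Added illustration, not Serenity code: every type and member name here is hypothetical.
public sealed class ResetTokenStore
{
    private readonly ConcurrentDictionary<string, (string User, DateTime ExpiresUtc)> pending = new();
    private readonly TimeSpan lifetime;

    public ResetTokenStore(TimeSpan lifetime) => this.lifetime = lifetime;

    // Only the SHA-256 digest is kept, so a leaked store does not yield usable tokens.
    private static string Digest(string token) =>
        Convert.ToHexString(SHA256.HashData(Encoding.UTF8.GetBytes(token)));

    public string Issue(string user, DateTime nowUtc)
    {
        // A new request invalidates any token still outstanding for the same user.
        foreach (var entry in pending)
            if (entry.Value.User == user) pending.TryRemove(entry.Key, out _);

        string token = Convert.ToHexString(RandomNumberGenerator.GetBytes(32));
        pending[Digest(token)] = (user, nowUtc + lifetime);
        return token;
    }

    // TryRemove is atomic: the first presentation removes the entry, so a second
    // presentation of the same token (for example from browser history) finds nothing.
    public bool TryConsume(string token, DateTime nowUtc, out string user)
    {
        user = string.Empty;
        if (!pending.TryRemove(Digest(token), out var entry)) return false;
        if (nowUtc > entry.ExpiresUtc) return false; // expired tokens are dropped as well
        user = entry.User;
        return true;
    }
}

public static class Demo
{
    public static void Main()
    {
        var store = new ResetTokenStore(TimeSpan.FromMinutes(15)); // assumed lifetime
        var t0 = new DateTime(2023, 4, 27, 12, 0, 0, DateTimeKind.Utc); // constructed sample time
        string token = store.Issue("alice", t0);
        Console.WriteLine(store.TryConsume(token, t0.AddMinutes(1), out _)); // first use
        Console.WriteLine(store.TryConsume(token, t0.AddMinutes(2), out _)); // replay of the same token
    }
}
```

The password change itself should only proceed when `TryConsume` returns true, so that consuming the token and accepting the new password cannot be separated.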


Insufficient token expiration in Serenity

Moderate severity GitHub Reviewed Published Apr 27, 2023 to the GitHub Advisory Database • Updated Apr 27, 2023

Package: Serenity.Net.Core (NuGet)
Affected versions: < 6.7.0

Package: Serenity.Net.Web (NuGet)


References

  • https://nvd.nist.gov/vuln/detail/CVE-2023-31287
  • serenity-is/Serenity@11b9d26

Published to the GitHub Advisory Database: Apr 27, 2023

Last updated: Apr 27, 2023

Related news

Serenity / StartSharp Software File Upload / XSS / User Enumeration / Reusable Tokens

Serenity and StartSharp Software versions prior to 6.7.1 suffer from file upload to cross site scripting, user enumeration, and reusable password reset token vulnerabilities.

CVE-2023-31287: :up: 6.7.0 · serenity-is/Serenity@11b9d26
