Bookwyrm 0.4.3 Authentication Bypass
Bookwyrm versions 0.4.3 and below suffer from an authentication bypass vulnerability due to a lack of rate limiting on OTP checks.
# Exploit Title: Bookwyrm v0.4.3 - Authentication Bypass
# Date: 2022-08-4
# Exploit Author: Akshay Ravi
# Vendor Homepage: https://github.com/bookwyrm-social/bookwyrm
# Software Link: https://github.com/bookwyrm-social/bookwyrm/releases/tag/v0.4.3
# Version: <= 4.0.3
# Tested on: MacOS Monterey
# CVE: CVE-2022-2651
# Original Report Link: https://huntr.dev/bounties/428eee94-f1a0-45d0-9e25-318641115550/
# Description: Email Verification Bypass Leads To Account Takeover in bookwyrm-social/bookwyrm v0.4.3 Due To Lack Of Ratelimit Protection
# Steps to reproduce:
1. Create an account with the victim's email id.
2. When the account is created, it asks for email confirmation by validating an OTP. Endpoint: https://site/confirm-email
3. Enter any random OTP and try to perform a brute-force attack; if the OTP matches, we can take over that account.
Related news
CVE-2022-2651: Email Verification Bypass Leads To Account Takeover in bookwyrm
Authentication Bypass by Primary Weakness in GitHub repository bookwyrm-social/bookwyrm prior to 0.4.5.