This write-up discusses a significant business logic flaw in a crypto wallet website that allows the takeover of a victim’s wallet account through the reuse of email verification codes. By exploiting this weakness, an attacker can bypass password requirements and set up two-factor authentication (2FA) on another user’s account. This vulnerability poses a direct threat to crypto wallet services and their users. Affected: crypto wallet users, redacted.com
Key points:
- Identified a business logic flaw in a crypto wallet service.
- The flaw allows attackers to take over victim accounts using reused verification codes.
- Users must verify their email and set up 2FA during registration.
- The verification URL can be accessed without a password, which is the core of the vulnerability.
- An attacker can log in as another user if they possess the victim’s verification code.
- 2FA can be overridden even if already configured, posing a further risk.
- The verification code is unique and random, making brute force attempts ineffective.
- Positive response and reward received from the security team after reporting the flaw.
- Encourages ethical reporting of security issues without expecting rewards in return.
- Stresses the importance of proactive security measures in online applications.
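The control the key points imply, as an added Python example that is not code from the original write-up or the affected service: verification codes are random, single-use, time-limited and bound to the email they were issued for; redeeming one only marks the email verified and never creates a session, and 2FA enrollment still requires a fresh password check (plus the existing TOTP code when 2FA is already configured). The store, TTL constant and function names are assumptions.

```python
import hmac
import secrets
import time

CODE_TTL_SECONDS = 600  # assumption: a verification code is valid for 10 minutes


class VerificationStore:
    """Pending email verifications: one live code per email, burned on first use."""

    def __init__(self):
        self._pending = {}  # email -> {"code": str, "expires": float, "used": bool}

    def issue(self, email, now=None):
        """Mint a fresh unguessable code; any earlier code for this email is replaced."""
        now = time.time() if now is None else now
        code = secrets.token_urlsafe(32)
        self._pending[email] = {"code": code, "expires": now + CODE_TTL_SECONDS, "used": False}
        return code

    def redeem(self, email, code, now=None):
        """True exactly once for a valid, unexpired, unused code issued to this email.
        Constant-time compare, and the entry is marked used so a replayed code fails."""
        now = time.time() if now is None else now
        entry = self._pending.get(email)
        if entry is None or entry["used"] or now > entry["expires"]:
            return False
        if not hmac.compare_digest(entry["code"], code):
            return False
        entry["used"] = True
        return True


class Account:
    def __init__(self, email):
        self.email = email
        self.email_verified = False
        self.totp_secret = None


def verify_email(store, account, code, now=None):
    """Redeeming a code only flips the verified flag; it does NOT log the user in."""
    if store.redeem(account.email, code, now=now):
        account.email_verified = True
        return True
    return False


def enroll_2fa(account, password_verified, existing_totp_ok=False):
    """Set a TOTP secret only after a fresh password check on a verified account;
    an account that already has 2FA must prove the current factor before replacing it."""
    if not password_verified or not account.email_verified:
        return None
    if account.totp_secret is not None and not existing_totp_ok:
        return None
    account.totp_secret = secrets.token_hex(20)
    return account.totp_secret
```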
Full Story: https://infosecwriteups.com/business-logic-flaw-worth-1250-35efcd1b9af9?source=rss—-7b722bfd1b8d—4