Session is not invalidated on password change --> https://my.zapinfo.io

Disclosed by h_-_cker
  • Engagement: Indeed
  • Disclosed date: about 2 years ago
  • Reward: $100
  • Priority: P4 (Bugcrowd VRT priority rating)
  • Status: Resolved (the vulnerability has been accepted and fixed)
Summary by h_-_cker

This session management vulnerability was found when the Zapinfo platform was also supporting its own set of credentials instead of Indeed credentials only. The program's team is very professional in accepting issues when there's impact. It was resolved through parallel and independent changes to the application's authentication workflow.
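The report itself does not publish its reproduction steps or the fix. As an added illustration of the vulnerability class recorded in the VRT entry of this submission (Broken Authentication and Session Management > Failure to Invalidate Session > On Password Reset and/or Change), and of the check a tester runs for it, here is an example that is not Zapinfo's, Indeed's or the researcher's code: a minimal in-memory credential and session store whose password-change handler comes in two variants. The vulnerable variant only rewrites the stored credential, so a session that already exists keeps working after the password changes; the hardened variant also revokes every other session the user holds. All names and values (SessionStore, stale_session_survives, the "alice" account, the PBKDF2 parameters) are assumptions made for the example, and the hardened variant is a generic mitigation for this class, not the change Indeed actually made.

```python
"""Added example, not code from Zapinfo, Indeed or the report above.

A minimal in-memory credential and session store that shows the vulnerability
class "Failure to Invalidate Session > On Password Reset and/or Change" beside
a hardened variant, plus the check a tester runs to tell them apart.
Every name and value here is an assumption for the example.
"""
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Dict, Optional, Set


def _hash_password(password: str, salt: bytes) -> bytes:
    # PBKDF2-HMAC-SHA256 stands in for whatever KDF a real app uses (assumption).
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


@dataclass
class User:
    username: str
    salt: bytes
    pw_hash: bytes
    sessions: Set[str] = field(default_factory=set)  # session IDs valid for this user


class SessionStore:
    """invalidate_on_password_change=False models the reported behaviour;
    True models a server that revokes the user's other sessions on change."""

    def __init__(self, invalidate_on_password_change: bool) -> None:
        self.users: Dict[str, User] = {}
        self.sessions: Dict[str, str] = {}  # session ID -> username
        self.invalidate_on_password_change = invalidate_on_password_change

    def register(self, username: str, password: str) -> None:
        salt = secrets.token_bytes(16)
        self.users[username] = User(username, salt, _hash_password(password, salt))

    def _verify(self, user: User, password: str) -> bool:
        return hmac.compare_digest(user.pw_hash, _hash_password(password, user.salt))

    def login(self, username: str, password: str) -> Optional[str]:
        user = self.users.get(username)
        if user is None or not self._verify(user, password):
            return None
        sid = secrets.token_urlsafe(32)  # fresh, unguessable session ID per login
        self.sessions[sid] = username
        user.sessions.add(sid)
        return sid

    def whoami(self, sid: str) -> Optional[str]:
        return self.sessions.get(sid)

    def change_password(self, sid: str, old: str, new: str) -> bool:
        username = self.sessions.get(sid)
        if username is None:
            return False
        user = self.users[username]
        if not self._verify(user, old):  # re-authenticate before changing
            return False
        user.salt = secrets.token_bytes(16)
        user.pw_hash = _hash_password(new, user.salt)
        if self.invalidate_on_password_change:
            # Hardened: revoke every session except the one that made the change,
            # so a stolen or forgotten session stops working at the same moment
            # the old password does.
            for other in list(user.sessions):
                if other != sid:
                    self.sessions.pop(other, None)
                    user.sessions.discard(other)
        return True


def stale_session_survives(store: SessionStore) -> bool:
    """The tester's check: open two sessions for one account, change the
    password from the second, then see whether the first still resolves to
    the user. True means the bug is present."""
    store.register("alice", "old-password")          # constructed test account
    stale_sid = store.login("alice", "old-password")  # e.g. a session an attacker already holds
    fresh_sid = store.login("alice", "old-password")  # the session the password is changed from
    if not store.change_password(fresh_sid, "old-password", "new-password"):
        raise RuntimeError("password change unexpectedly rejected")
    return store.whoami(stale_sid) == "alice"


if __name__ == "__main__":
    print("vulnerable: stale session survives ->", stale_session_survives(SessionStore(False)))
    print("hardened:   stale session survives ->", stale_session_survives(SessionStore(True)))
```

Run stand-alone, the vulnerable store reports that the stale session still resolves to the user after the password change, and the hardened store reports that it does not. In a deployed application the same effect is usually obtained without enumerating sessions, by stamping each user record with a password version or "sessions valid after" time and rejecting any session or token issued before it; that also covers stateless bearer tokens, which a per-session delete cannot reach.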

Activity
  1. Kyle_indeed (Customer) published the disclosure report
  2. h_-_cker requested disclosure
  3. Indeed Jira Integration changed the state to Resolved
  4. h_-_cker sent a message
  5. Kyle_indeed (Customer) rewarded h_-_cker $100
  6. Kyle_indeed (Customer) changed the state to Unresolved
  7. Kyle_indeed (Customer) rewarded h_-_cker 5 points
  8. Kyle_indeed (Customer) sent a message
  9. h_-_cker sent a message
  10. Kyle_indeed (Customer) sent a message
  11. Raven_Bugcrowd changed the state to Triaged
  12. Kyle_indeed (Customer) resolved a blocker for Bugcrowd Operations by responding to comments
  13. soheesec_bugcrowd created a blocker on Indeed to respond to comments
  14. soheesec_bugcrowd sent a message
  15. h_-_cker resolved a blocker for Indeed by providing information on reproduction
  16. h_-_cker sent a message
  17. robert_bugcrowd created a blocker on the researcher to provide information on reproduction
  18. robert_bugcrowd sent a message
  19. Mason357_Bugcrowd sent a message
  20. Mason357_Bugcrowd changed the state to New
  21. Mason357_Bugcrowd unmarked the submission as a duplicate
  22. h_-_cker sent a message
  23. h_-_cker sent a message
  24. h_-_cker sent a message
  25. Raven_Bugcrowd sent a message
  26. Raven_Bugcrowd marked the submission a duplicate of a previously submitted report
  27. Raven_Bugcrowd changed the state to Not applicable
  28. Raven_Bugcrowd updated VRT to Broken Authentication and Session Management > Failure to Invalidate Session > On Password Reset and/or Change
  29. h_-_cker created the submission