Hackt3r

Weak Registration Implementation

Welcome back, everyone…


Today let us learn some P4 vulnerabilities related to Broken Authentication and Session Management. Let us dive into our maze.



Weak Registration Implementation — Over HTTP

What is weak registration? Registration is the process of enrolling yourself in something, like signing up for a service. When it comes to websites, we are always concerned about privacy and integrity, so we prefer a website that is more secure over one that is not. Registration takes information from the user, stores it, and uses it to authenticate the user the next time they try to log in. This information is personal and is not to be shared with anyone, so storing and changing it should be secured in the best way possible.


When we log in to a website, the basic information we hand over is our email and password. Basic as it is, this information is still enough to be misused. Let us understand the scenario with an example.


Take a website named https://abc.com. Seeing the https, we proceed to the website thinking it is safe, which is true to some extent. But we still need to check whether it uses HTTPS for all of its communications. If it does not, that gap can be exploited and is a vulnerability.


Now we sign up for this website, abc.com, using an email and a password. To confirm that the email address is really yours, the website sends you a confirmation email. You just need to click the link in the email and your address will be confirmed. But here comes the catch: some websites use an http:// confirmation link rather than an https:// one. So if someone is watching your network and tries to steal your information, they can easily do it, as the link is not opened over a secure channel. Let us see how to find it.


Steps to follow:

  1. Sign up for an account.

  2. Go to your inbox and open the confirmation email.

  3. Don’t click on the button they provide to confirm.

  4. Rather copy the link of it by right-clicking the button and copying the address of the button.

  5. Now open a notepad or any editor and paste the link.

  6. See if it begins with http://…

  7. If yes, then the confirmation link does not use HTTPS, so it is not a safe channel. This means your info can be captured or sniffed by a third party.

This is something websites should look into. Even though it is not a serious vulnerability, it still needs to be addressed.


Weak Password Reset Implementation — Password Reset Token Sent Over HTTP

Now that you have some idea of what this is, I hope you can guess how this vulnerability works. Take some time to figure it out before you move on, and see if your guess is right.


Steps to find this vulnerability:

  1. Go to the login page of the website.

  2. Click on the Password Reset button.

  3. You will get an email to your inbox to change the password.

  4. Like we did before don’t click on the link directly, rather copy its address.

  5. Open notepad or text editor and paste it and see if it starts with http://…

  6. If yes, then we have a serious vulnerability.

Since this is a password reset function and passwords are sensitive user information, it has to be dealt with in a more secure way. If the link uses http rather than https, its channel is open, and anyone who sniffs your network can easily see the reset token and even use it to change the password and take over your account. We can also link this to Rate Limiting and perform a series of actions. Check out my article about Rate Limiting on how to perform and find one. Rate Limiting can increase the impact of the vulnerability.
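The manual check in both step lists above (copy the link, see whether it starts with http://) can be automated by a site owner against their own outgoing confirmation and password-reset emails. This is an added example, not code from the original post; the sample message, the token value, and the function names are constructed for illustration, and abc.com is the article's example domain.

```python
import email
import re
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message for illustration (not captured from a real site).
SAMPLE_EMAIL = """\
From: no-reply@abc.com
To: user@example.org
Subject: Reset your password
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body>
<a href="http://abc.com/reset?token=CONSTRUCTED-TOKEN">Reset password</a>
<a href="https://abc.com/help">Help</a>
<a href="mailto:support@abc.com">Contact us</a>
</body></html>
"""

class _HrefCollector(HTMLParser):
    """Collects the href of every <a> tag, i.e. the address behind each button."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.extend(v for k, v in attrs if k == "href" and v)

def extract_links(raw_message: str) -> list[str]:
    """Return every link found in the HTML and plain-text parts of a raw email."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    links = []
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype == "text/html":
            collector = _HrefCollector()
            collector.feed(part.get_content())
            links.extend(collector.hrefs)
        elif ctype == "text/plain":
            links.extend(re.findall(r'https?://[^\s<>"]+', part.get_content(), re.I))
    return links

def insecure_links(raw_message: str) -> list[str]:
    """Return only the links whose scheme is plain http (step 6 of the lists above)."""
    return [u for u in extract_links(raw_message) if urlsplit(u.strip()).scheme == "http"]
```

Running `insecure_links` over each transactional email template before release flags any confirmation or reset link that would be opened without TLS.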


Scenarios like these, where registration is implemented over http, are called weak registration and are considered P4 in Bugcrowd. I have just submitted a report of it to Bugcrowd and hope it gets triaged. I will let you know in my next article 👍


That’s all from my side today; I’ll catch up with you again in the next post with another vulnerability. I would love to hear your feedback and improve myself. Check out my Instagram to get more updates and tricks.


Till then take care and Happy Hacking!!!👋👋
