Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS0ybTVnLTh4cHctNDJ2cM4AA8GP
OpenCFP Framework (Sentry) Account takeover via null password reset codes
OpenCFP, an open-source conference talk submission system written in PHP, contains a security vulnerability in its third-party authentication framework, Sentry, developed by Cartalyst. The vulnerability stems from how Sentry handles password reset checks. Users lacking a password reset token stored in the database default to having NULL in the reset_password_code column. Exploiting this flaw could allow unauthorized manipulation of any OpenCFP user's password, particularly those without an unused password reset token. Although successful login still requires correlating the numeric user ID with an email address, the identification of likely organizers (users 1-5) may facilitate this process.
Permalink: https://github.com/advisories/GHSA-2m5g-8xpw-42vpJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS0ybTVnLTh4cHctNDJ2cM4AA8GP
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: 7 months ago
Updated: 7 months ago
CVSS Score: 8.9
CVSS vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L
Identifiers: GHSA-2m5g-8xpw-42vp
References:
- https://github.com/FriendsOfPHP/security-advisories/blob/master/cartalyst/sentry/2016-09-05.yaml
- https://web.archive.org/web/20180119075946/https://haxx.ml/post/149975211631/how-i-hacked-your-cfp-and-probably-some-other
- https://github.com/advisories/GHSA-2m5g-8xpw-42vp
Affected Packages
packagist:cartalyst/sentry
Dependent packages: 74Dependent repositories: 1,150
Downloads: 1,197,069 total
Affected Version Ranges: <= 2.1.6
No known fixed version
All affected versions: 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.1.0, 2.1.1, 2.1.2, 2.1.3, 2.1.4, 2.1.5, 2.1.6