Current Password Validation Bypass in Envoy

Hi Guys,
I have found a Current Password Validation Bypass bug on Envoy that allows an attacker to bypass the current password protection. This occurs due to a lack of server-side validation. The server isn’t checking the current password entered by the user.

Current password fields are implemented on the site to prevent a malicious user from changing sensitive information.

This protection can be bypassed in two ways:

– Using a proxy, e.g. Burp Suite, to remove the current password parameter from the POST data.

– Using Inspect Element to remove the current password field from the page.

Proof of Concept:

– Go to edit profile

– Change password

– Remove current password field using inspect element

– Save Profile

Password updated without current password.
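The flaw class described above, next to a corrected handler, as an added example that is not Envoy's code or the author's. It assumes the bypass comes from a check that only runs when the field is present; the handler names, form field names and password values are hypothetical.

```python
import hashlib, hmac, os

def hash_password(password: str, salt: bytes) -> bytes:
    # PBKDF2-HMAC-SHA256 from the standard library; iteration count is illustrative.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_user(password: str) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "pw_hash": hash_password(password, salt)}

def change_password_vulnerable(user: dict, form: dict) -> bool:
    # Flawed pattern (assumed): verification only runs when the client sends
    # the field, so a request without "current_password" skips it entirely.
    if "current_password" in form:
        supplied = hash_password(form["current_password"], user["salt"])
        if not hmac.compare_digest(supplied, user["pw_hash"]):
            return False
    user["pw_hash"] = hash_password(form["new_password"], user["salt"])
    return True

def change_password_hardened(user: dict, form: dict) -> bool:
    # The server treats both fields as mandatory: missing, empty or
    # non-string values are rejected before any state changes.
    current, new = form.get("current_password"), form.get("new_password")
    if not isinstance(current, str) or not current:
        return False
    if not isinstance(new, str) or not new:
        return False
    supplied = hash_password(current, user["salt"])
    if not hmac.compare_digest(supplied, user["pw_hash"]):
        return False
    user["salt"] = os.urandom(16)  # fresh salt for the new password
    user["pw_hash"] = hash_password(new, user["salt"])
    return True

def demo() -> dict:
    # Constructed form bodies; "missing" omits the field as in the steps above.
    missing = {"new_password": "N3w-pass"}
    wrong = {"current_password": "guess", "new_password": "N3w-pass"}
    right = {"current_password": "Old-pass1", "new_password": "N3w-pass"}
    return {
        "vulnerable_missing": change_password_vulnerable(make_user("Old-pass1"), missing),
        "hardened_missing": change_password_hardened(make_user("Old-pass1"), missing),
        "hardened_wrong": change_password_hardened(make_user("Old-pass1"), wrong),
        "hardened_right": change_password_hardened(make_user("Old-pass1"), right),
    }

if __name__ == "__main__":
    print(demo())
```

A regression test for this bug should submit the change request with the current password field absent and with it empty, and expect a rejection in both cases.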

Got My First Bounty 😁 :

Video Demo:

Special Thanks to Shawar.

 
