I found a current-password validation bypass bug on Envoy that allows an attacker to bypass the current-password protection. This occurs due to a lack of server-side validation: the server does not check the current password entered by the user.
A current-password field is implemented on the site to prevent a malicious user who has access to a logged-in session (for example on an unattended machine) from changing sensitive information such as the account password. The field only provides that protection if the server verifies it on every request; a client-side "required" attribute is not a security control.
This protection can be bypassed in two ways, both of which result in the same request reaching the server without the current-password parameter:
– Using a proxy, e.g. Burp Suite, and removing the current-password parameter from the POST data.
– Using Inspect Element to remove the current-password field from the page before submitting the form.
Proof of Concept:
– Go to Edit Profile.
– Enter a new password.
– Remove the current-password field using Inspect Element.
– Save the profile.
The password is updated without the current password ever being supplied or checked.
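To show exactly what goes wrong on the server side, here is an added example (written for this page, not Envoy's code) of a password-change handler in the vulnerable shape beside a hardened one. The user store, the usernames and the passwords are constructed for the demo. The vulnerable handler assumes the client always sends current_password and only verifies it when the parameter is present, which is the behaviour the PoC above exploits; the hardened handler treats the parameter as mandatory and verifies it against the stored hash before anything is changed.

```python
import hashlib
import hmac
import os

# Constructed in-memory user store for this example; passwords are stored as
# salted PBKDF2-HMAC-SHA256 hashes (the scheme is an assumption for the demo).
def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


def _new_credential(password: str) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "hash": _hash_password(password, salt)}


def make_store() -> dict:
    """Fresh store with one demo user; returned so each run starts clean."""
    return {"alice": _new_credential("correct horse battery staple")}


def verify_password(store: dict, username: str, password: str) -> bool:
    """Constant-time comparison of the candidate hash with the stored one."""
    cred = store.get(username)
    if cred is None:
        return False
    candidate = _hash_password(password, cred["salt"])
    return hmac.compare_digest(candidate, cred["hash"])


def vulnerable_change_password(store: dict, session_user: str, form: dict) -> str:
    """Mirrors the bug: the check runs only if the client happened to send the
    parameter. Deleting the field in the browser or in a proxy skips it."""
    if "current_password" in form:
        if not verify_password(store, session_user, form["current_password"]):
            return "error: wrong current password"
    store[session_user] = _new_credential(form["new_password"])
    return "ok"


def hardened_change_password(store: dict, session_user: str, form: dict) -> str:
    """Server-side enforcement: both parameters are mandatory, and the current
    password must verify before the stored credential is replaced."""
    current = form.get("current_password")
    new = form.get("new_password")
    if not current or not new:
        return "error: current_password and new_password are required"
    if not verify_password(store, session_user, current):
        return "error: wrong current password"
    store[session_user] = _new_credential(new)
    return "ok"


def simulate_bypass() -> dict:
    """Replay the PoC (form submitted without current_password) against both
    handlers and report whether the password was actually changed."""
    attack_form = {"new_password": "pwned"}  # current_password removed by the attacker
    results = {}
    for name, handler in (("vulnerable", vulnerable_change_password),
                          ("hardened", hardened_change_password)):
        store = make_store()
        response = handler(store, "alice", attack_form)
        results[name] = {
            "response": response,
            "password_changed": verify_password(store, "alice", "pwned"),
        }
    return results


if __name__ == "__main__":
    for name, outcome in simulate_bypass().items():
        print(f"{name:10s} -> {outcome['response']} (password changed: {outcome['password_changed']})")
```

Running the script replays the proof of concept against both handlers: the vulnerable one answers "ok" and the stored credential is replaced, while the hardened one rejects the request and the original password still verifies. The fix is not to make the field harder to remove in the browser but to refuse any password-change request on the server unless the supplied current password verifies.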
Got my first bounty 😁:
Special thanks to Shawar.