KathanP19/HowToHunt

Email verification bypass via remember me functionality

adityaax opened this issue · 1 comment

Bug Description:
During sign-up we need to verify the email, but we can bypass the verification by just clicking the 'remember me' button and changing the URL path.

Steps to reproduce:

1. Go to https://dashboard.example.com/signup and create a dummy account.
2. You will be asked to verify the account and the URL will be https://dashboard.example.com/signup/pending/uri849hfjhd.
3. Now simply remove /signup/pending/uri849hfjhd and make the URL https://dashboard.example.com/
4. Now you will be redirected to https://dashboard.example.com/login
5. Enter the email/password that you used to create the account in step 1.
6. Click on 'remember me' button and click on Login.
7. Now you will again be redirected to this path: https://dashboard.example.com/signup/pending/uri849hfjhd
8. Simply follow step 3 above [remove the /signup... path from the URL and make it https://dashboard.example.com/] and you will be logged into the account without email verification.

Impact:
Email verification bypass could enable an attacker to perform a pre-account takeover and to create any number of dummy accounts.

Recommendation:
Remember me functionality must verify whether the account is verified or not.

POC:
Please let me know how I can share the POC video privately, because the bug is still not fixed on the application on which I found it.
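The root cause the report points at is that the "is this account verified?" check lives only in the post-login redirect, while the routes themselves trust any valid session or remember-me cookie. The following is an added example, not code from the issue or from the HowToHunt repository: a small framework-free Python model of the signup/login/remember-me flow with a hypothetical `App` class, constructed emails and passwords, and a `gate_verified` switch. With `gate_verified=False` it reproduces the reported outcome (steps 1-8 end on the dashboard); with `gate_verified=True` the verification check runs on every protected request, including identities restored from the remember-me token, which is the recommendation in the report made concrete.

```python
"""Model of a signup / login / remember-me flow and the verification gate.

Constructed example: no web framework and no real HTTP. Requests and
responses are plain dicts so the logic can be run and asserted on offline.
"""
import hashlib
import hmac
import secrets
from dataclasses import dataclass


@dataclass
class User:
    email: str
    salt: bytes
    pw_hash: bytes
    email_verified: bool = False
    pending_token: str = ""


def _hash_pw(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class App:
    """Hypothetical stand-in for the dashboard application."""

    def __init__(self, gate_verified: bool):
        # gate_verified=False reproduces the reported behaviour: only the
        # post-login redirect looks at the verified flag, so any route reached
        # with a valid session or remember-me cookie is served.
        # gate_verified=True enforces the check on every protected request.
        self.gate_verified = gate_verified
        self.users: dict[str, User] = {}
        self.sessions: dict[str, str] = {}   # session id -> email
        self.remember: dict[str, str] = {}   # remember-me token -> email

    def signup(self, email: str, password: str) -> dict:
        salt = secrets.token_bytes(16)
        user = User(email, salt, _hash_pw(password, salt),
                    pending_token=secrets.token_urlsafe(8))
        self.users[email] = user
        return {"status": 302, "location": f"/signup/pending/{user.pending_token}"}

    def verify_email(self, token: str) -> bool:
        """Called when the user follows the link from the verification mail."""
        for user in self.users.values():
            if hmac.compare_digest(user.pending_token, token):
                user.email_verified = True
                return True
        return False

    def login(self, email: str, password: str, remember: bool = False) -> dict:
        user = self.users.get(email)
        if user is None or not hmac.compare_digest(_hash_pw(password, user.salt), user.pw_hash):
            return {"status": 401, "cookies": {}}
        cookies = {"session": secrets.token_urlsafe(16)}
        self.sessions[cookies["session"]] = email
        if remember:
            cookies["remember"] = secrets.token_urlsafe(16)
            self.remember[cookies["remember"]] = email
        # The only verification check in the vulnerable variant is this redirect.
        location = "/" if user.email_verified else f"/signup/pending/{user.pending_token}"
        return {"status": 302, "location": location, "cookies": cookies}

    def _current_user(self, cookies: dict):
        email = self.sessions.get(cookies.get("session", ""))
        if email is None:
            # Step 7 of the report: the remember-me token restores the identity.
            email = self.remember.get(cookies.get("remember", ""))
        return self.users.get(email) if email else None

    def request(self, path: str, cookies: dict) -> dict:
        user = self._current_user(cookies)
        if user is None:
            return {"status": 302, "location": "/login"}
        # Hardened variant: unverified identities, however they were restored,
        # may only reach the pending page.
        if self.gate_verified and not user.email_verified \
                and not path.startswith("/signup/pending/"):
            return {"status": 302, "location": f"/signup/pending/{user.pending_token}"}
        if path == "/":
            return {"status": 200, "body": f"dashboard for {user.email}"}
        if path.startswith("/signup/pending/"):
            return {"status": 200, "body": "please verify your email"}
        return {"status": 404}


def replay_report(gate_verified: bool) -> int:
    """Replay steps 1-8 of the report; return the status of the final GET /."""
    app = App(gate_verified)
    app.signup("dummy@example.com", "correct horse battery")   # step 1
    assert app.request("/", {})["location"] == "/login"         # steps 3-4
    r = app.login("dummy@example.com", "correct horse battery", remember=True)  # steps 5-6
    return app.request("/", r["cookies"])["status"]             # step 8


def after_verification(gate_verified: bool) -> int:
    """Same flow, but the user completes email verification first."""
    app = App(gate_verified)
    resp = app.signup("dummy@example.com", "correct horse battery")
    app.verify_email(resp["location"].rsplit("/", 1)[1])
    r = app.login("dummy@example.com", "correct horse battery", remember=True)
    return app.request("/", r["cookies"])["status"]


if __name__ == "__main__":
    print("vulnerable:", replay_report(False), "hardened:", replay_report(True))
```

The gate belongs in the request pipeline (a middleware or `before_request` hook in a real framework), not in the login handler, so that session restoration from a remember-me token, password reset flows and any future route all pass through the same check.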

You can update here once it's fixed