FirstBlood-#113 — Account takeover of a doctor account is possible due to flawed logic in the registration process
This issue was discovered on FirstBlood v1
On 2021-05-10, bobbylin Level 4 reported:
An attacker can takeover the account of a doctor by registering with the same username and reusing the invitation code.
- Register a doctor account "jomar" and invitation code "F16CA47250E445888824A9E63AE445CE".
- You will see the password of "jomar".
- On another browser, register again as "jomar" with the same invitation code "F16CA47250E445888824A9E63AE445CE".
- You will see that the password of 'jomar' have changed without authorization by the original user.
Attacker can takeover the account of another doctor.
FirstBlood ID: 17
Vulnerability Type: Auth issues
Unintended: An account with the same username can be created which leads to the original account being deleted and replaced with the attackers