$750 Bounty: for HTTP Reset Password Link in Mattermost
Summary
Security researcher uchihaluckycs discovered a vulnerability in Mattermost’s password reset process that could allow an attacker to intercept the reset token when it is sent over HTTP rather than the usual secure HTTPS.
The researcher was able to demonstrate the ability to request a password reset, have it sent via HTTP rather than HTTPS, and then intercept the token to gain unauthorized access to the system.
Mattermost fixed the issue by prompting the user to enter their email to receive a reset link rather than having the process automated and sent via HTTP.
The discovery earned the researcher a $750 bounty.
This shows how one small misconfiguration can cause big security issues. Never underestimate the power of secure communications like HTTPS.
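The class of bug described above is a reset-link generator that inherits whatever scheme the site is configured with, so a plain-http site URL puts the token on the wire in cleartext. The following Go code is an added illustration written for this post, not Mattermost's own code: it builds a reset link only when the configured site URL is https, refuses http or any other scheme, and offers an audit helper that can run at startup or in CI to flag insecure configurations. The `/reset_password_complete` path, the `token` query parameter and the sample site URLs are assumptions constructed for the example.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"strings"
)

// ErrInsecureScheme is returned when a reset link would travel over plaintext HTTP
// (or any non-TLS scheme), which is exactly the condition that let the token be intercepted.
var ErrInsecureScheme = errors.New("password reset links must use https")

// BuildResetLink constructs a password reset URL from the configured site URL.
// It fails closed: a site URL whose scheme is not https never yields a link,
// so a misconfiguration cannot silently downgrade the reset flow to HTTP.
// The path and query parameter name are assumptions for this example,
// not Mattermost's actual route.
func BuildResetLink(siteURL, token string) (string, error) {
	u, err := url.Parse(siteURL)
	if err != nil {
		return "", fmt.Errorf("invalid site URL: %w", err)
	}
	if u.Scheme != "https" { // url.Parse lowercases the scheme, so "HTTPS://" is accepted too
		return "", ErrInsecureScheme
	}
	if u.Host == "" {
		return "", errors.New("site URL has no host")
	}
	// Preserve any sub-path the deployment is served under (e.g. https://host/mattermost).
	u.Path = strings.TrimSuffix(u.Path, "/") + "/reset_password_complete"
	q := url.Values{}
	q.Set("token", token)
	u.RawQuery = q.Encode()
	return u.String(), nil
}

// AuditSiteURLs returns every configured site URL that would leak reset tokens
// over an insecure transport. Intended as a startup or CI configuration check.
func AuditSiteURLs(urls []string) []string {
	var insecure []string
	for _, s := range urls {
		if _, err := BuildResetLink(s, "probe"); err != nil {
			insecure = append(insecure, s)
		}
	}
	return insecure
}

func main() {
	// Constructed sample configurations, not taken from any real deployment.
	configs := []string{
		"https://chat.example.com",
		"http://chat.example.com", // plaintext: the token would be interceptable
		"https://chat.example.com:8065/mattermost",
	}
	for _, c := range configs {
		link, err := BuildResetLink(c, "EXAMPLE_TOKEN")
		if err != nil {
			fmt.Printf("%-42s rejected: %v\n", c, err)
			continue
		}
		fmt.Printf("%-42s -> %s\n", c, link)
	}
	fmt.Println("insecure site URLs:", AuditSiteURLs(configs))
}
```

The important design choice is that the scheme check lives in the link builder itself rather than in a separate validation step someone can forget to call; whoever generates a reset e-mail gets either an https link or an error, never a cleartext one.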