Bookwyrm 0.4.3 Authentication Bypass

Bookwyrm versions 0.4.3 and below suffer from an authentication bypass vulnerability due to a lack of rate limiting on OTP checks.

SHA-256 | 01182b49f5094c1c536e28a7cca127e1933e717f4d3a739892d462bc0afce375

# Exploit Title: Bookwyrm v0.4.3 - Authentication Bypass
# Date: 2022-08-4
# Exploit Author: Akshay Ravi
# Vendor Homepage:
# Software Link:
# Version: <= 4.0.3
# Tested on: MacOS Monterey
# CVE: CVE-2022-2651
# Original Report Link:

Description: Email Verification Bypass Leads To Account Takeover in bookwyrm-social/bookwyrm v0.4.3 Due To Lack Of Ratelimit Protection

# Steps to reproduce:

1. Create a acount with victims email id
2. When the account is created, its ask for email confirmation via validating OTP
Endpoint: https://site/confirm-email
3. Enter any random OTP and try to perfrom bruteforce attack and if otp matches, We can takeover that account

Related Posts