PHPJabbers Shared Asset Booking System Rate Limiting Vulnerability in Forgot Password Feature

Vulnerability

A denial-of-service vulnerability has been identified in PHPJabbers Shared Asset Booking System version 1.0, stemming from a lack of rate limiting in the 'Forgot Password' feature. This flaw allows attackers to inundate a legitimate user's email with excessive password reset requests, potentially leading to email account disruption.

Impact

Exploitation of this vulnerability can cause a denial-of-service condition by generating a large volume of email messages, which may overwhelm the user's email account.

Reproduction

To reproduce this vulnerability, log into the PHPJabbers Shared Asset Booking System demo site. Use an email address that is already registered. Capture the password reset request using Burp Suite, then send multiple requests to the 'Forgot Password' feature. Check the email inbox for the received password reset messages.
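The missing control is a throttle on the reset endpoint. Below is an added mitigation example written for this advisory; it is not PHPJabbers code and the limits (3 mails per address per hour, 10 requests per client IP per hour) are assumptions chosen for illustration. It applies a sliding-window limit per email address and per source IP, returns the same public message whether or not a mail was sent, and records every decision so throttled bursts can be surfaced to monitoring.

```python
import time
from collections import Counter, defaultdict, deque

# Illustrative limits (assumptions, not values from the advisory or vendor).
PER_EMAIL_LIMIT = 3      # reset mails per address per window
PER_IP_LIMIT = 10        # reset requests per client IP per window
WINDOW_SECONDS = 3600    # trailing one-hour window

PUBLIC_MESSAGE = "If that address is registered, a reset link has been sent."


class SlidingWindowLimiter:
    """Allows at most `limit` events per key inside a trailing window."""

    def __init__(self, limit: int, window: float) -> None:
        self.limit = limit
        self.window = window
        self._events: dict = defaultdict(deque)

    def allow(self, key: str, now: float) -> bool:
        q = self._events[key]
        # Discard timestamps that have aged out of the window.
        while q and now - q[0] >= self.window:
            q.popleft()
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True


class PasswordResetService:
    """Forgot-password handler with per-address and per-source throttling."""

    def __init__(self, registered_emails, send_mail) -> None:
        self.registered = {e.strip().lower() for e in registered_emails}
        self.send_mail = send_mail          # callable(email) that delivers the mail
        self.by_email = SlidingWindowLimiter(PER_EMAIL_LIMIT, WINDOW_SECONDS)
        self.by_ip = SlidingWindowLimiter(PER_IP_LIMIT, WINDOW_SECONDS)
        self.audit = []                     # (timestamp, email, ip, decision)

    def request_reset(self, email: str, client_ip: str, now=None) -> str:
        now = time.time() if now is None else now
        email = email.strip().lower()
        # Evaluate both limiters every time so unregistered addresses cost the
        # same budget as registered ones and the caller learns nothing from timing.
        ip_ok = self.by_ip.allow(client_ip, now)
        email_ok = self.by_email.allow(email, now)
        if not (ip_ok and email_ok):
            decision = "throttled"
        elif email not in self.registered:
            decision = "unknown_address"
        else:
            self.send_mail(email)
            decision = "sent"
        self.audit.append((now, email, client_ip, decision))
        # The visible response never reveals which branch was taken.
        return PUBLIC_MESSAGE

    def decisions(self) -> Counter:
        """Counts per decision; a spike in 'throttled' is the signal to alert on."""
        return Counter(d for _, _, _, d in self.audit)


if __name__ == "__main__":
    outbox = []
    svc = PasswordResetService(["alice@example.com"], outbox.append)
    for i in range(6):  # constructed burst against one registered address
        svc.request_reset("alice@example.com", "203.0.113.5", now=1000 + i)
    print(len(outbox), "mails sent;", dict(svc.decisions()))
```

The per-IP limiter is deliberately independent of the per-address one: the first stops a single source from spraying many addresses, the second protects one mailbox from being flooded from many sources. Keying the audit record on both fields gives a detection rule a clean input, and the constant response string keeps the throttle from turning into an account-enumeration oracle.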

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 8.7
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.