transformeroptimus/superagi
cpe:2.3:a:superagi:superagi:*:*:*:*:*:*:*
- latest
A vulnerability allowing information disclosure exists in the latest version of transformeroptimus/superagi. This issue arises in the user registration process, where an attacker can leak sensitive information such as names, emails, and passwords by registering with an email that is already associated with an existing account. The server responds with all information linked to the email, exposing private user data.
Exploitation of this vulnerability allows for the unauthorized leakage of sensitive user information, including names, emails, and passwords, if they are stored improperly. This could lead to account compromise and privacy violations, and could facilitate phishing or targeted social engineering attacks.
To reproduce this vulnerability, log into an account and then attempt to register a new account using an email address that is already in use. The server will return all information associated with the existing account, including sensitive details such as the password, name, email, and other personal information.
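The response pattern described above, next to a hardened handler and a regression check, as an added example that is not SuperAGI's code. The in-memory store, field names (including `organisation_id`), status codes and function names are all assumptions made for illustration.

```python
# Added example: a constructed in-memory model, not the project's own code.
import hashlib
import os

PUBLIC_FIELDS = ("id", "name", "email")  # allow-list for user-facing responses

# Constructed sample record standing in for an existing account.
USERS = {"alice@example.com": {"id": 1, "name": "Alice",
                               "email": "alice@example.com",
                               "password": "hunter2", "organisation_id": 7}}

def register_leaky(name, email, password, users=USERS):
    """Pattern the advisory describes: a duplicate email returns the stored row."""
    existing = users.get(email)
    if existing:
        return 200, existing  # whole record, password included
    users[email] = {"id": len(users) + 1, "name": name,
                    "email": email, "password": password}
    return 201, users[email]

def _hash(password):
    """Salted PBKDF2 so the store never holds a recoverable password."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)
    return salt.hex() + ":" + digest.hex()

def register_safe(name, email, password, users=USERS):
    """Duplicate email gets a fixed error body; success returns allow-listed fields."""
    if email in users:
        return 409, {"detail": "Registration could not be completed"}
    users[email] = {"id": len(users) + 1, "name": name,
                    "email": email, "password": _hash(password)}
    return 201, {k: users[email][k] for k in PUBLIC_FIELDS}

def leaked_fields(body, record):
    """Regression check: non-public fields of `record` echoed in a response body."""
    return sorted(k for k, v in record.items()
                  if k not in PUBLIC_FIELDS and body.get(k) == v)
```

A 409 still confirms that the address is registered; where account enumeration matters, return the same response in both cases and deliver the outcome by email.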