Coding Hut Login Bypass Vulnerability Allowing Account Takeover

Vulnerability

A vulnerability exists in the Coding Hut website (scratch-coding-hut.github.io) in versions through 1.0-beta3. It allows a user to log into any account simply by changing the username carried in the login link. This is possible because the login link is trusted on the basis of the username it contains, with no check that the requester actually owns that account, so anyone who edits the link gains unauthorized access to the corresponding user account.

Impact

Exploitation of this vulnerability allows for unauthorized access to user accounts, bypassing normal authentication mechanisms.

Reproduction

To reproduce this vulnerability, create a login link for the Coding Hut website account page. Replace 'USERNAME' with any valid username, such as 'griffpatch'. The link will grant access to the corresponding account without proper authorization.

Remediation

The vulnerability has been addressed by implementing base64 encoding and decoding for usernames, and adding key shifting to further secure the login process.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread          0.0
impact          5.0
exploitability  7.6
remediation     0.0
relevance       0.0
threat          6.4
urgency         2.9
incentive       1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.