PrestaShop User Enumeration Vulnerability in AdminLoginController Allowing Email Disclosure

Vulnerability

A user enumeration vulnerability has been identified in the AdminLoginController of PrestaShop versions 1.7 through 8.2.2. This vulnerability allows remote attackers to obtain email addresses of administrators by manipulating the id_employee and reset_token parameters in the password reset feature. The issue arises because the application does not properly validate the reset_token before assigning template variables, enabling systematic enumeration of Back Office user emails.

Impact

Exploitation of this vulnerability leads to unauthorized disclosure of administrator email addresses.

Reproduction

To reproduce this vulnerability, access the password reset form on the Back Office login page. Supply a valid id_employee parameter along with an invalid reset_token. The application will still process the request and include the associated email address in a hidden field, despite the token's invalidity. This behavior can be exploited to enumerate email addresses by iterating through id_employee values.
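The behavior above leaves a recognizable trace in web-server access logs: one client requesting the Back Office reset form for many different id_employee values in a short window, typically pairing the same junk reset_token with each of them. The following detector is an added example written for this page, not code from the advisory or from PrestaShop. It assumes the reset request reaches the Back Office as a GET to index.php?controller=AdminLogin with id_employee and reset_token in the query string (under the shop's renamed admin directory, here the hypothetical /admin123/), and that the server writes combined-format access logs; the log lines are constructed for the example.

```python
"""Flag id_employee enumeration against the PrestaShop Back Office password
reset form, using only what an access log shows: source IP, time, and the
query string of each request.

Assumptions (not taken from the advisory): the reset form is requested as
GET index.php?controller=AdminLogin&id_employee=N&reset_token=... and the
log is in Apache/nginx "combined" format. SAMPLE_LOG is constructed data.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import parse_qs, urlsplit

# Constructed sample: 203.0.113.10 walks id_employee 1..5 with one fixed token
# (enumeration); 198.51.100.7 follows a single, plausible reset link.
SAMPLE_LOG = """\
203.0.113.10 - - [08/Sep/2025:17:00:01 +0000] "GET /admin123/index.php?controller=AdminLogin&id_employee=1&reset_token=deadbeef HTTP/1.1" 200 5120 "-" "curl/8.4.0"
203.0.113.10 - - [08/Sep/2025:17:00:02 +0000] "GET /admin123/index.php?controller=AdminLogin&id_employee=2&reset_token=deadbeef HTTP/1.1" 200 5120 "-" "curl/8.4.0"
203.0.113.10 - - [08/Sep/2025:17:00:03 +0000] "GET /admin123/index.php?controller=AdminLogin&id_employee=3&reset_token=deadbeef HTTP/1.1" 200 5120 "-" "curl/8.4.0"
203.0.113.10 - - [08/Sep/2025:17:00:04 +0000] "GET /admin123/index.php?controller=AdminLogin&id_employee=4&reset_token=deadbeef HTTP/1.1" 200 5120 "-" "curl/8.4.0"
203.0.113.10 - - [08/Sep/2025:17:00:05 +0000] "GET /admin123/index.php?controller=AdminLogin&id_employee=5&reset_token=deadbeef HTTP/1.1" 200 5120 "-" "curl/8.4.0"
198.51.100.7 - - [08/Sep/2025:17:03:10 +0000] "GET /admin123/index.php?controller=AdminLogin&id_employee=4&reset_token=9c1f0a7e HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [08/Sep/2025:17:03:40 +0000] "GET /index.php?controller=product&id_product=12 HTTP/1.1" 200 8801 "-" "Mozilla/5.0"
"""

# Combined log format: ip ident user [time] "METHOD target PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"


def parse_reset_requests(log_text):
    """Return (ip, timestamp, id_employee, reset_token) for every request that
    carries the AdminLogin reset parameters; all other lines are ignored."""
    events = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        query = parse_qs(urlsplit(m.group("target")).query)
        if query.get("controller", [""])[0] != "AdminLogin":
            continue
        if "id_employee" not in query or "reset_token" not in query:
            continue
        ts = datetime.strptime(m.group("ts"), TS_FORMAT)
        events.append((m.group("ip"), ts, query["id_employee"][0],
                       query["reset_token"][0]))
    return events


def find_enumeration(log_text, min_distinct_ids=3, window=timedelta(minutes=5)):
    """Return one alert per client IP that requested the reset form for at
    least `min_distinct_ids` different id_employee values within `window`.

    Heuristic second signal: a genuine reset link carries one token for one
    employee, so the same token paired with several ids is reported too."""
    by_ip = defaultdict(list)
    for ip, ts, emp, tok in parse_reset_requests(log_text):
        by_ip[ip].append((ts, emp, tok))

    alerts = []
    for ip, events in by_ip.items():
        events.sort()
        # Largest set of distinct ids seen in any window starting at an event.
        best = set()
        for i, (start, _, _) in enumerate(events):
            ids = {emp for ts, emp, _ in events[i:] if ts - start <= window}
            if len(ids) > len(best):
                best = ids
        if len(best) < min_distinct_ids:
            continue
        token_to_ids = defaultdict(set)
        for _, emp, tok in events:
            token_to_ids[tok].add(emp)
        reused = sorted(t for t, ids in token_to_ids.items() if len(ids) > 1)
        alerts.append({
            "ip": ip,
            "distinct_ids": len(best),
            "first_seen": events[0][0].isoformat(),
            "last_seen": events[-1][0].isoformat(),
            "reused_tokens": reused,
        })
    return alerts


if __name__ == "__main__":
    for alert in find_enumeration(SAMPLE_LOG):
        print(alert)
```

The threshold and window are deliberately loose defaults; a shop with a handful of Back Office employees should rarely see more than one or two distinct id_employee values in reset requests from a single client, so tune `min_distinct_ids` to the size of the employee table. Because the vulnerable build answers every such request with HTTP 200, the status code carries no signal, which is why the detector keys on request diversity rather than on errors.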

Remediation

Users can update to PrestaShop version 8.2.3, where this vulnerability has been fixed.

Added: Sep 8, 2025, 5:17 PM
Updated: Sep 8, 2025, 6:23 PM

Vulnerability Rating

Custom Algorithm

spread          6.4
impact          2.5
exploitability  9.7
remediation     7.7
relevance       0.5
threat          6.4
urgency         2.9
incentive      10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.