Aikaan IoT Management Platform Password Exposure Vulnerability in Activation Links

Vulnerability

A vulnerability in the Aikaan IoT management platform, specifically in version 3.25.0325-5-g2e9c59796 and earlier, allows for the exposure of initial account passwords. During the onboarding process, the platform sends activation emails containing the new password in plaintext. Additionally, this password is included as a query parameter in the activation URL. This practice can lead to password exposure through various means such as browser history, proxy logs, referrer headers, and email caching. As a result, the vulnerability compromises the confidentiality of user credentials during the onboarding phase.

Impact

Exploitation of this vulnerability allows an attacker to access the initial account password through intercepted or stored copies of the activation link, fully compromising the user's account.

Reproduction

The vulnerability can be reproduced by signing up for a new account on the Aikaan IoT management platform. After registration, the activation email will be received, which includes the password in plaintext. The same password will be embedded in the activation link as a query parameter. This link can be accessed from email, browser history, or proxy logs, exposing the password and allowing for account compromise.
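As an added illustration (not code from the Aikaan platform or this advisory), the weak activation-link pattern described above is shown beside a hardened replacement that sends a single-use, expiring token instead of the password, together with a defender-side check that flags links carrying a credential in a query parameter. The host name and parameter names are assumptions, not values taken from the product.

```python
import hashlib
import secrets
import time
from typing import Optional
from urllib.parse import parse_qs, urlencode, urlparse

# Placeholder host: the advisory does not name the platform's real activation endpoint.
ACTIVATION_BASE = "https://iot-platform.invalid/activate"
# Assumed query parameter names that must never carry a credential in a link.
SENSITIVE_PARAMS = {"password", "passwd", "pwd", "pass", "secret"}

def vulnerable_activation_link(email: str, initial_password: str) -> str:
    # The weak pattern from the advisory: the password rides in the URL, so it lands
    # in browser history, proxy logs, Referer headers and mail caches.
    return f"{ACTIVATION_BASE}?{urlencode({'email': email, 'password': initial_password})}"

class ActivationStore:
    # Hardened replacement: single-use, expiring tokens stored only as SHA-256 hashes,
    # so neither the link nor the database holds a reusable secret.
    def __init__(self, ttl_seconds: int = 3600):
        self.ttl = ttl_seconds
        self._pending = {}  # token hash -> (email, expiry timestamp)

    @staticmethod
    def _hash(token: str) -> str:
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, email: str, now=None) -> str:
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._pending[self._hash(token)] = (email, now + self.ttl)
        return token

    def redeem(self, token: str, now=None) -> Optional[str]:
        # Returns the email to activate, or None if unknown, already used or expired.
        # Popping on first use means a leaked link cannot be replayed later.
        now = time.time() if now is None else now
        entry = self._pending.pop(self._hash(token), None)
        if entry is None or now > entry[1]:
            return None
        return entry[0]

def hardened_activation_link(store: ActivationStore, email: str, now=None) -> str:
    # The user chooses a password on the activation page; the link carries only the token.
    return f"{ACTIVATION_BASE}?{urlencode({'token': store.issue(email, now)})}"

def url_leaks_credential(url: str) -> bool:
    # Defender-side check for outbound mail templates or proxy-log review.
    return any(k.lower() in SENSITIVE_PARAMS for k in parse_qs(urlparse(url).query))
```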

Added: Aug 21, 2025, 6:20 PM
Updated: Aug 21, 2025, 8:37 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 5.0
exploitability: 8.7
remediation: 0.0
relevance: 0.4
threat: 6.4
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.