TitanSystems Zender Password Reset Vulnerability Allows Account Takeover
Vulnerability
A vulnerability allowing account takeover has been identified in TitanSystems Zender version 3.9.7. The issue arises from the password reset functionality, where a temporary password or reset token issued to one user can be used to log in as another user. This flaw is due to improper validation of the token-user linkage, allowing remote attackers to gain unauthorized access to any user account by exploiting the password reset mechanism. The vulnerability occurs because the reset token is not correctly bound to the requesting account and is accepted for other user emails during login, enabling privilege escalation and information disclosure.
Impact
Exploitation of this vulnerability allows unauthorized access to user accounts, including those with administrative privileges.
Reproduction
To reproduce this vulnerability, initiate a password reset request for any user account. The system will generate a temporary password or token. This token can then be used to log in as the user whose email was targeted, bypassing normal authentication processes.
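The root cause described above is a reset token that is validated for existence but not for the account it was issued to. The following is an added illustration, not Zender's code: a small in-memory token store showing the flawed check (any live token is accepted for any email) beside a hardened check that binds each token to the requesting account, enforces expiry, and makes it single-use. All names, the 15-minute TTL and the sample addresses are assumptions.

```python
import hmac
import secrets
import time
from dataclasses import dataclass, field


@dataclass
class ResetToken:
    email: str          # account the reset was requested for (normalized)
    expires_at: float   # unix time after which the token is dead
    used: bool = False  # single-use flag, set on successful verification


@dataclass
class ResetTokenStore:
    """Hypothetical store; a real system would persist this server-side."""
    tokens: dict = field(default_factory=dict)  # token -> ResetToken
    ttl_seconds: int = 900                      # assumed 15-minute lifetime

    @staticmethod
    def _norm(email: str) -> str:
        return email.strip().lower()

    def issue(self, email: str) -> str:
        """Create a reset token bound to the requesting account."""
        token = secrets.token_urlsafe(32)  # unguessable, CSPRNG-backed
        self.tokens[token] = ResetToken(self._norm(email), time.time() + self.ttl_seconds)
        return token

    def verify_weak(self, token: str, email: str) -> bool:
        """Flawed pattern: the token is looked up and accepted as long as
        it is live; the email submitted at login is never compared."""
        rec = self.tokens.get(token)
        return rec is not None and not rec.used and time.time() < rec.expires_at

    def verify_bound(self, token: str, email: str) -> bool:
        """Hardened check: token must exist, be unexpired and unused, and be
        bound to exactly the account submitted; it is consumed on success."""
        rec = self.tokens.get(token)
        if rec is None or rec.used or time.time() >= rec.expires_at:
            return False
        # constant-time comparison of the bound account vs the login email
        if not hmac.compare_digest(rec.email.encode(), self._norm(email).encode()):
            return False
        rec.used = True  # single use: a replayed token is rejected
        return True
```

Logging a rejected `verify_bound` call where the token exists but the email differs is a useful detection signal, since a legitimate user rarely submits a reset token with a different address.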
