Flowise Password Reset Link Sent Over Unsecured HTTP Vulnerability

A vulnerability exists in Flowise versions prior to 3.1.0, where the password reset functionality on cloud.flowiseai.com transmits reset links over an unsecured HTTP connection instead of HTTPS. This flaw exposes users to potential man-in-the-middle (MITM) attacks, allowing attackers on the same network to intercept the reset link and gain unauthorized access to the user's account.

Impact

Exploitation of this vulnerability allows an attacker to intercept password reset links, hijack the password reset process, and potentially compromise the user's account.

Reproduction

To reproduce this vulnerability, sign up for an account on cloud.flowiseai.com. After creating an account, navigate to the 'forgot password' page and enter your email address. Once you receive the password reset email, copy the reset link and inspect its protocol. The link will be sent over HTTP instead of HTTPS, demonstrating the vulnerability.

Remediation

Users are advised to ensure that all password reset links are sent over HTTPS. Flowise has released a patch in version 3.1.0 that addresses this vulnerability.