Insufficient Password Verification Affecting cartalyst/sentry package, versions <2.1.7


Severity: critical

CVSS assessment made by Snyk's Security Team

  • Snyk ID SNYK-PHP-CARTALYSTSENTRY-70011
  • published 4 Oct 2016
  • disclosed 4 Oct 2016
  • credit Unknown

Introduced: 4 Oct 2016

CVE: not available. CWE: CWE-264

How to fix?

Upgrade cartalyst/sentry to version 2.1.7 or higher.

Overview

Affected versions of cartalyst/sentry are vulnerable to Insufficient Password Verification. In the schema for Eloquent-based users, the reset_password_code column defaults to NULL. The check that the supplied $resetCode is correct is a plain loose equality comparison, which returns true whenever the two values loosely match.

If an attacker can supply a null reset code to the package, nothing guards against arbitrary anonymous password resets. In many cases, submitting a URL-encoded null byte (%00) will loosely match the NULL stored in the database, passing the check and allowing the attacker to set the password to whatever they wish.
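To make the failure mode concrete, here is an added example (not Sentry's own code) that places the loose comparison the advisory describes beside a hardened check. The function names, the two-argument shape and the sample records are assumptions for illustration; it assumes PHP 7.1 or later.

```php
<?php
// Added illustration only; not code from cartalyst/sentry.
// $storedCode stands in for the user's reset_password_code column, which
// defaults to NULL when no reset has been requested.

// Vulnerable pattern: a loose (==) comparison against a possibly-NULL column.
function checkResetCodeLoose(?string $storedCode, $submittedCode): bool
{
    return $storedCode == $submittedCode;
}

// Hardened check: refuse when no reset is pending, require a non-empty string
// from the request, then compare with strict, constant-time semantics.
function checkResetCodeStrict(?string $storedCode, $submittedCode): bool
{
    if ($storedCode === null || $storedCode === '') {
        return false; // no pending reset for this user
    }
    if (!is_string($submittedCode) || $submittedCode === '') {
        return false; // missing or empty parameter can never match
    }
    return hash_equals($storedCode, $submittedCode);
}

// Constructed cases (hypothetical values): a user who never requested a reset
// (NULL column) receiving empty or missing input, and a user with a real code.
$cases = [
    ['stored' => null,     'submitted' => '',       'label' => 'empty string vs NULL'],
    ['stored' => null,     'submitted' => null,     'label' => 'missing param vs NULL'],
    ['stored' => 'a1b2c3', 'submitted' => 'a1b2c3', 'label' => 'correct code'],
    ['stored' => 'a1b2c3', 'submitted' => 'zzzzzz', 'label' => 'wrong code'],
];

foreach ($cases as $c) {
    printf("%-24s loose=%-5s strict=%s\n",
        $c['label'],
        var_export(checkResetCodeLoose($c['stored'], $c['submitted']), true),
        var_export(checkResetCodeStrict($c['stored'], $c['submitted']), true));
}
```

The first two rows show the loose check accepting a reset for a user who never asked for one, while the strict version only accepts the genuine code; invalidating the stored code after a successful reset closes the remaining replay window.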

CVSS Scores

version 3.1

Snyk

9.8 critical
  • Attack Vector (AV): Network
  • Attack Complexity (AC): Low
  • Privileges Required (PR): None
  • User Interaction (UI): None
  • Scope (S): Unchanged
  • Confidentiality (C): High
  • Integrity (I): High
  • Availability (A): High