Account TakeOver Due to Improper Handling of JWT Tokens in usememos/memos
Reported on
Apr 20th 2023
Description
Any authenticated user can modify another user's data, including the password, by intercepting their own access token (a JWT), decoding it in a tool such as https://token.dev, editing the claims that identify the user, and replaying the edited token. The server does not verify that the JWT was issued (that is, signed) by it, so the edited token is accepted as valid. An attacker can therefore change the email address, password and other personal data of any user.
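The bug class described above, as an added example in Go (memos is a Go project, but this is illustrative code written for this page, not the project's own code): a server mints an HS256 token, an attacker swaps the payload for claims naming a different user while keeping the original signature (what one does in token.dev), and the two ways of reading the token are compared. DecodeUnverified trusts the decoded claims and so accepts the forgery; DecodeVerified pins the algorithm, recomputes the HMAC with the server key and compares it in constant time before trusting anything. The claim names (sub, role), the key and the helper names are assumptions for the demo, not details of memos; the alg pinning is standard hardening, not something the report itself states.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// Claims is a hypothetical claim set for the demo; the field names are
// assumptions for illustration, not the claims memos actually issues.
type Claims struct {
	Sub  string `json:"sub"`  // user ID the token speaks for
	Role string `json:"role"` // e.g. "user" or "admin"
}

func b64(b []byte) string { return base64.RawURLEncoding.EncodeToString(b) }

// hs256 computes the JWS signature over the signing input header.payload.
func hs256(header, payload string, key []byte) string {
	mac := hmac.New(sha256.New, key)
	mac.Write([]byte(header + "." + payload))
	return b64(mac.Sum(nil))
}

// Mint issues an HS256 token the way a server would after a successful login.
func Mint(c Claims, key []byte) (string, error) {
	pj, err := json.Marshal(c)
	if err != nil {
		return "", err
	}
	h := b64([]byte(`{"alg":"HS256","typ":"JWT"}`))
	p := b64(pj)
	return h + "." + p + "." + hs256(h, p, key), nil
}

// Tamper does what an attacker does in a JWT debugger such as token.dev:
// replace the payload with attacker-chosen claims, keeping the old signature.
func Tamper(tok string, c Claims) (string, error) {
	parts := strings.Split(tok, ".")
	if len(parts) != 3 {
		return "", errors.New("malformed token")
	}
	pj, err := json.Marshal(c)
	if err != nil {
		return "", err
	}
	return parts[0] + "." + b64(pj) + "." + parts[2], nil
}

// DecodeUnverified is the bug class from the report: it base64-decodes the
// claims and trusts them without ever checking the signature.
func DecodeUnverified(tok string) (Claims, error) {
	var c Claims
	parts := strings.Split(tok, ".")
	if len(parts) != 3 {
		return c, errors.New("malformed token")
	}
	raw, err := base64.RawURLEncoding.DecodeString(parts[1])
	if err != nil {
		return c, err
	}
	return c, json.Unmarshal(raw, &c)
}

// DecodeVerified is the hardened form: pin the algorithm (so "alg":"none" or a
// key-confusion header is rejected), recompute the HMAC with the server key and
// compare in constant time before any claim is trusted.
func DecodeVerified(tok string, key []byte) (Claims, error) {
	parts := strings.Split(tok, ".")
	if len(parts) != 3 {
		return Claims{}, errors.New("malformed token")
	}
	hraw, err := base64.RawURLEncoding.DecodeString(parts[0])
	if err != nil {
		return Claims{}, err
	}
	var hdr struct {
		Alg string `json:"alg"`
	}
	if err := json.Unmarshal(hraw, &hdr); err != nil || hdr.Alg != "HS256" {
		return Claims{}, errors.New("unexpected alg")
	}
	want := hs256(parts[0], parts[1], key)
	if !hmac.Equal([]byte(want), []byte(parts[2])) {
		return Claims{}, errors.New("bad signature")
	}
	return DecodeUnverified(tok) // safe now: the signature covers parts[1]
}

func main() {
	key := []byte("server-side-secret") // assumption: HS256 key known only to the server
	tok, _ := Mint(Claims{Sub: "2", Role: "user"}, key)
	forged, _ := Tamper(tok, Claims{Sub: "1", Role: "admin"})
	c, err := DecodeUnverified(forged)
	fmt.Printf("unverified: sub=%s role=%s err=%v\n", c.Sub, c.Role, err)
	_, err = DecodeVerified(forged, key)
	fmt.Printf("verified:   err=%v\n", err)
}
```

Run as-is to see the forged token accepted by the unverified path and rejected by the verified one. The practical check when triaging a report like this is exactly the Tamper step: edit one identifying claim, leave the signature alone, and see whether a write to another user's record succeeds.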
Proof of Concept
https://drive.google.com/file/d/1aTd_eBkqEX-LpdbCKI3E_fP1rzCg_aYd/view?usp=sharing
Impact
Because unauthorized users can modify other users' data, the consequences for the affected system include:
Account takeover: an attacker can change any user's password using a forged JWT.
Privacy violations: changing a user's email address without their consent can expose sensitive information or allow it to be accessed by the attacker.
Data breaches: once a user's email address has been changed, the attacker can gain access to sensitive information, with legal and financial consequences for both the users and the organization.
Reputational damage: an attacker can use the information obtained to defame the affected users or the organization.