Mass Accounts Takeover Without any user Interaction at https://app.taxjar.com/
High
Stripe
Team Summary
Official summary from Stripe
@mr_asg discovered an improper access control issue in TaxJar. This could have allowed for account takeover using the email change functionality. The vulnerability was caused by not correctly validating whether or not the reset password token was connected to the user being reset and was resolved by relying on the user fetched from the reset password token itself instead of the account ID provided in the URL.
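The root cause described in the summary, shown as an added example (not TaxJar's or Stripe's own code): a reset handler that trusts the account ID in the URL and only checks that the token exists, beside the fix that derives the user from the token itself. The in-memory user store, token hashing and function names are constructed for illustration.

```ruby
require 'securerandom'
require 'digest'

# Constructed in-memory user store standing in for the application's database.
User = Struct.new(:id, :email, :password, :reset_token_digest)

USERS = {
  1 => User.new(1, 'alice@example.com', 'alice-old', nil),
  2 => User.new(2, 'bob@example.com', 'bob-old', nil),
}

# Issue a reset token for a user; only its digest is stored server-side.
def issue_reset_token(user_id)
  raw = SecureRandom.hex(16)
  USERS[user_id].reset_token_digest = Digest::SHA256.hexdigest(raw)
  raw
end

# Look up the user that a raw token belongs to (nil if unknown).
def find_user_by_token(raw)
  return nil if raw.nil? || raw.empty?
  digest = Digest::SHA256.hexdigest(raw)
  USERS.values.find { |u| u.reset_token_digest == digest }
end

# Vulnerable pattern: the account to update comes from the URL, and the token
# is only checked for being a valid token belonging to *some* user, so the two
# are never tied together.
def reset_password_vulnerable(account_id_from_url, raw_token, new_password)
  return :invalid_token unless find_user_by_token(raw_token)
  target = USERS[account_id_from_url]
  return :not_found unless target
  target.password = new_password
  target.reset_token_digest = nil
  :ok
end

# Fixed pattern: the user is whoever the token resolves to; the account ID in
# the URL plays no part in authorization.
def reset_password_fixed(_account_id_from_url, raw_token, new_password)
  user = find_user_by_token(raw_token)
  return :invalid_token unless user
  user.password = new_password
  user.reset_token_digest = nil # single use
  :ok
end
```

A regression test for this class of bug is the second half of the assertions: a valid token for one user, submitted against another user's ID, must leave the other account untouched.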
Reported by
mr_asg
Report Details
State
Closed
Substate
Resolved
Bounty
$13000.00
Weakness
Authentication Bypass Using an Alternate Path or Channel