Account verification bypass on translate.kromtech.com
Medium
Clario
Team Summary
Official summary from Clario
# Account verification bypass on translate.kromtech.com

## Summary:

An account could be registered on translate.kromtech.com, but the functionality returns "Access denied or Your user wasn't activated yet." But it's implemented in a strange way: every time we make a request that requires the user to be activated, we receive a full response with all the data we asked for, but with a 302 status code redirecting us to /access-denied.

## Steps To Reproduce:

A simple match-replace Burp rule could be created to bypass this implementation.
Reported by
rumiljonov
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Weakness
Authentication Bypass Using an Alternate Path or Channel
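
The flaw described in the summary, a 302 redirect sent together with the full protected response body, is shown below next to a corrected handler and a regression check. This is an added example, not code from the report or from Clario; the WSGI handlers, the `/projects` route, the `X-Demo-Activated` header and the sample data are assumptions made for illustration.

```python
import json

# Constructed sample data standing in for whatever the protected endpoint returns.
PROJECTS = {"projects": ["constructed-sample-a", "constructed-sample-b"]}

def is_activated(environ):
    # Assumption: a demo header stands in for the real session/activation lookup.
    return environ.get("HTTP_X_DEMO_ACTIVATED") == "1"

def vulnerable_app(environ, start_response):
    """Flawed pattern: the denial only changes status and headers, while the
    handler still renders the protected data into the response body."""
    status, headers = "200 OK", [("Content-Type", "application/json")]
    if not is_activated(environ):
        status = "302 Found"
        headers.append(("Location", "/access-denied"))
        # BUG: no return here, so execution falls through to the data below.
    body = json.dumps(PROJECTS).encode()
    start_response(status, headers)
    return [body]

def hardened_app(environ, start_response):
    """Corrected pattern: deny before any protected data is loaded and end
    the request with an empty body."""
    if not is_activated(environ):
        start_response("302 Found", [("Location", "/access-denied"), ("Content-Length", "0")])
        return [b""]
    body = json.dumps(PROJECTS).encode()
    start_response("200 OK", [("Content-Type", "application/json")])
    return [body]

def call(app, activated):
    """Invoke a WSGI app in-process and return (status_code, headers, body)."""
    captured = {}
    def start_response(status, headers):
        captured["status"], captured["headers"] = int(status.split()[0]), dict(headers)
    environ = {"REQUEST_METHOD": "GET", "PATH_INFO": "/projects"}
    if activated:
        environ["HTTP_X_DEMO_ACTIVATED"] = "1"
    body = b"".join(app(environ, start_response))
    return captured["status"], captured["headers"], body

def redirect_leaks_body(status, body):
    """Regression check: a 3xx denial must not carry a response body."""
    return 300 <= status < 400 and len(body.strip()) > 0

if __name__ == "__main__":
    for app in (vulnerable_app, hardened_app):
        s, _, b = call(app, activated=False)
        print(app.__name__, "leaks body on redirect:", redirect_leaks_body(s, b))
```

The `redirect_leaks_body` check can be run in integration tests against every endpoint that requires an activated or authorized user, since the browser hides this class of bug by following the redirect.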