CVE-2020-7245

Published: Jan 23, 2020

Modified: Aug 4, 2024

PUBLISHED

Description

Incorrect username validation in the registration process of CTFd v2.0.0 - v2.2.2 allows an attacker to take over an arbitrary account if the username is known and emails are enabled on the CTFd instance. To exploit the vulnerability, one must register with a username identical to the victim's username, but with white space inserted before and/or after the username. This will register the account with the same username as the victim. After initiating a password reset for the new account, CTFd will reset the victim's account password due to the username collision.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/CTFd/CTFd/pull/1218

x_refsource_MISC

https://github.com/CTFd/CTFd/releases/tag/2.2.3

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2020-7245

Description

Affected Products

References