Known is a social publishing platform. Prior to 1.6.3, a Critical Broken Authentication vulnerability exists in Known 1.6.2 and earlier. The application leaks the password reset token within a hidden HTML input field on the password reset page. This allows any unauthenticated attacker to retrieve the reset token for any user by simply querying the user's email, leading to full Account Takeover (ATO) without requiring access to the victim's email inbox. This vulnerability is fixed in 1.6.3.
The password reset page in the Known application embeds the reset token directly in a hidden HTML form field that is publicly accessible. An attacker, knowing the victim's email address, can send a password reset request and then read the token directly from the page source code without needing to intercept the email message. With the token, the attacker can set a new password and gain full control over the victim's account (Account Takeover, ATO).
An attacker gains full control over any user account on the platform, including access to published content, personal data, and the ability to act on behalf of the victim. The exploit requires no authentication or interaction from the victim.
Known should be updated immediately to version 1.6.3, in which the vulnerability has been fixed. The patch is available in the vendor's GitHub repository (tag 1.6.3, commit 8439a07). Until the update is applied, it is recommended to restrict access to the password reset page or temporarily disable this functionality.
Known (social platform) in versions 1.6.2 and earlier (product: Withknown Known).
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HWithknown Known
APPWithknown< 1.6.3
Related vulnerabilities
SSRF w platformie Idno (Known) — ominięcie CSRF i dostęp do wewnętrznych zasobów
Idno is a social publishing platform. Prior to version 1.6.4, there is a remote code execution vulnerability v...
Known v1.3.1+2020120201 was discovered to allow attackers to perform an account takeover via a host header inj...
Known v1.3.1 was discovered to contain an Insecure Direct Object Reference (IDOR).
A cross-site scripting (XSS) vulnerability in Known v1.2.2+2020061101 allows authenticated attackers to execut...