Recently change email but still login with old email

Disclosed: 2020-09-29 07:46:12 By xcracker420 To nextcloud

High

Vulnerability Details

Hi team, I have been found vulnerability on email verification which can be account takeover (Authentication bypass) Recently I have been change my email ████ but still login with old email ██████ --https://efss.qloud.my/index.php/settings/user ## Impact Impact If victim's email account is still logged into his/her old gmail account . Then any external attacker can use the unused same email for account takeover https://efss.qloud.my/index.php/settings/user

Actions

View on HackerOne

Report Stats

Report ID: 986459
State: Closed
Substate: informative
Upvotes: 3

Recently change email but still login with old email

Vulnerability Details

Actions

Report Stats

Share this report