$35,000 Bounty: How Inappropriate Access Control Led to GitLab Account Takeover

Karthikeyan NagarajKarthikeyan Nagaraj
1 min read

Introduction

In cybersecurity, vulnerabilities can arise from the most unexpected defects. A recent account takeover vulnerability via password reset without user interaction demonstrated how a simple access control flaw could lead to full account compromise.

In this article, we will explain how the vulnerability was identified, how attackers exploited it, and how developers can secure web applications from similar threats.

Timeline

  • Date Reported: December 20, 2023

  • Severity: Critical (10.0 CVSS)

  • Bounty Awarded: $35,000

  • Disclosed: February 26, 2025

What is Account Takeover via Password Reset?

Password reset-based account takeover occurs when attackers manipulate the password reset feature of an application to gain unauthorized access to a user’s account. This flaw is often caused by improper validation or missing authorization checks.

How the Vulnerability Worked

The vulnerability was found in GitLab’s password reset functionality. It allowed attackers to receive password reset links intended for victims by modifying the request payload.

Steps to Exploit

  1. Visit the Forgot Your Password? page...

Click Here to Read the Complete Article on Medium

https://cyberw1ng.medium.com/35-000-bounty-how-inappropriate-access-control-led-to-gitlab-account-takeover-39e071b6d9cc
0
Subscribe to my newsletter

Read articles from Karthikeyan Nagaraj directly inside your inbox. Subscribe to the newsletter, and don't miss out.

#cybersecuritybugbountyProgramming Blogs

Written by

Karthikeyan Nagaraj
Karthikeyan Nagaraj