
Karthikeyan Nagaraj

$35,000 Bounty: How Inappropriate Access Control Led to GitLab Account Takeover

Introduction
In cybersecurity, vulnerabilities can arise from the most unexpected defects. A recently disclosed account takeover vulnerability, exploitable through the password reset flow without any user interaction, demonstrated how a simple access control flaw can lead to full account compromise.

In this article, we will explain how the vulnerability was identified, how attackers exploited it, and how developers can secure web applications from similar threats.

Timeline
Date Reported: December 20, 2023
Severity: Critical (10.0 CVSS)
Bounty Awarded: $35,000
Disclosed: February 26, 2025

What is Account Takeover via Password Reset?
Password reset-based account takeover occurs when attackers manipulate the password reset feature of an application to gain unauthorized access to a user’s account. This flaw is often caused by improper validation or missing authorization checks.

How the Vulnerability Worked
The vulnerability was found in GitLab’s password reset functionality. By modifying the request payload, an attacker could have password reset links that were intended for a victim delivered to an address the attacker controlled.
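The pattern behind this class of flaw, shown as an added illustrative example rather than GitLab's own code: a reset handler that lets the request payload influence where the reset link is delivered, beside a hardened version that derives the recipient only from the verified email stored on the account. The user store, the `notification_email` field and the `Outbox` record are constructed for the example.

```ruby
# Added illustrative example (not GitLab's code): a password-reset handler that
# trusts recipient data from the request payload, beside a hardened version.
require 'securerandom'

# Constructed user store: lookup email => account record.
USERS = {
  'victim@example.com' => { id: 1, primary_email: 'victim@example.com', verified: true }
}.freeze

# Records every email that would be sent, so the result can be inspected.
Outbox = Struct.new(:to, :token)

# WEAK (hypothetical design): the recipient list is built from the payload, so
# any extra address the client supplies also receives the victim's reset token.
def reset_weak(payload)
  user = USERS[payload[:email]]
  return [] unless user
  token = SecureRandom.hex(16)
  recipients = Array(payload[:email]) + Array(payload[:notification_email])
  recipients.map { |addr| Outbox.new(addr, token) }
end

# HARDENED: the payload is used only as a lookup key. The link goes to the
# verified primary email stored on the account and nothing else in the request
# influences the recipient. The result is the same whether or not the account
# exists, so the endpoint does not reveal which emails are registered.
def reset_hardened(payload)
  lookup = payload[:email]
  return [] unless lookup.is_a?(String)          # reject arrays/hashes as the key
  user = USERS[lookup.strip.downcase]
  return [] unless user && user[:verified]
  token = SecureRandom.hex(16)
  [Outbox.new(user[:primary_email], token)]
end
```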

Steps to Exploit
Visit the Forgot Your Password? page...

The complete article is available on Medium.
