Security vs Compliance: Cloudflare Password Policy Restriction Bypass
2022-10-01 20:54:32 Author: infosecwriteups.com

After a small break from bug bounty, I started hunting on the Cloudflare Bug Bounty program. This write-up is about the Password Policy Restriction Bypass.

Almost every organization enforces a strong password policy on its applications. How strict it is often depends on the product, e.g. crypto, banking, or e-commerce applications. A strong password policy is also compulsory for compliance. For more details about the password policy.

Let's come to the main picture…

I started looking for bugs in the Cloudflare application. This is my 2nd valid report on the Cloudflare Bug Bounty program. The first issue was related to Blind SSRF; that report has already been disclosed.

Cloudflare has a strong password policy in place: a password must be at least 8 characters long and contain a special character and a number. However, this check is only enforced in the UI (client side). An attacker who intercepts the request to the signup API endpoint can set a weak password for their account.

Exploit Part:

I navigated to the Cloudflare signup/reset page and entered all the details, with a strong password, in the UI. Then I captured the signup request using Burp Suite (Proxy tool) and changed the strong password to a weak password (e.g. Hacker@123 to Hacker).

Screenshot: Login Request

Screenshot: Password Reset

Then I forwarded this request to the server and got a 200 OK response, so my weak password was saved. This way, a user could set up weak passwords for their account. It's a security and compliance issue.
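The root cause described above is a password policy that exists only in the browser, so anyone who edits the request in an intercepting proxy skips it. The following is an added example, not Cloudflare's code or the author's: a simulated signup endpoint in two versions, one that trusts the UI (vulnerable) and one that re-validates the password server side (hardened), run against the original request body and the same body after the Hacker@123 -> Hacker edit. The JSON field names, the 8-character/digit/special-character rule encoding and the two request bodies are assumptions constructed for the demo.

```python
import json
import re

# Policy as described in the write-up: at least 8 characters, at least one
# special character and at least one digit. (Thresholds are assumed here.)
MIN_LENGTH = 8
DIGIT_RE = re.compile(r"\d")
SPECIAL_RE = re.compile(r"[^A-Za-z0-9\s]")


def password_policy_violations(password: str) -> list[str]:
    """Return the rules the password fails; an empty list means it complies."""
    violations = []
    if len(password) < MIN_LENGTH:
        violations.append(f"shorter than {MIN_LENGTH} characters")
    if not DIGIT_RE.search(password):
        violations.append("no digit")
    if not SPECIAL_RE.search(password):
        violations.append("no special character")
    return violations


def signup_vulnerable(raw_body: bytes) -> tuple[int, dict]:
    """Hypothetical vulnerable handler: assumes the UI already validated the
    password and stores whatever arrives, so an edited request passes."""
    body = json.loads(raw_body)
    return 200, {"result": "account created", "email": body["email"]}


def signup_hardened(raw_body: bytes) -> tuple[int, dict]:
    """Hardened handler: re-validates on the server. The client-side check is
    a usability feature only; the server is the enforcement point."""
    body = json.loads(raw_body)
    violations = password_policy_violations(body.get("password", ""))
    if violations:
        return 400, {"error": "password policy violation", "details": violations}
    return 200, {"result": "account created", "email": body["email"]}


# Constructed request bodies: what the UI sends after its own check passes,
# and the same request after the password was edited in the proxy.
UI_REQUEST = json.dumps(
    {"email": "user@example.com", "password": "Hacker@123"}
).encode()
TAMPERED_REQUEST = json.dumps(
    {"email": "user@example.com", "password": "Hacker"}
).encode()


def demo() -> dict[str, int]:
    """Run both handlers against both requests and return the status codes."""
    return {
        "vulnerable/ui": signup_vulnerable(UI_REQUEST)[0],
        "vulnerable/tampered": signup_vulnerable(TAMPERED_REQUEST)[0],
        "hardened/ui": signup_hardened(UI_REQUEST)[0],
        "hardened/tampered": signup_hardened(TAMPERED_REQUEST)[0],
    }


if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{name:20s} -> {status}")
```

The vulnerable handler returns 200 for both bodies, which is exactly the symptom in the write-up; the hardened one returns 400 with the list of failed rules for the tampered body. The same re-validation belongs on the password reset and password change endpoints, since any of them can be reached without the UI.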

Report Details:

  • August 21 — Reported to Cloudflare program on HackerOne
  • August 22 — Report got triaged
  • August 23 — Rewarded $200 + $50 bonus for well-written report.
  • August 23 — Request for a retest
  • August 23 — Issue fixed and got a reward of $50 for a retest.

The total bounty received from this report is $300. Currently, I am among the top 6 hunters on the Cloudflare Bug Bounty Program.

Screenshot: Cloudflare Thanks Page

Thanks for reading!….Happy Hacking!

Linkedin: Lohith Gowda M

Twitter: lohigowda_in

Instagram: lohigowda.in

Portfolio: https://www.lohigowda.in/



Source: https://infosecwriteups.com/security-vs-compliance-cloudflare-password-policy-restriction-bypass-da07ca7df4f2?source=rss----7b722bfd1b8d--bug_bounty