Impact
If a malicious actor knows the account's email address/username and the full name stored in the database, the chances of guessing the password reset token increase drastically. Resetting the password with a guessed token then allows an account takeover.
Patches
The problem has been patched in Countly Server version 22.03.7 for new UI servers and in 21.11.4 for old UI servers.
Workarounds
Here is the committed fix: 2bfa1ee
For more information
If you have any questions or comments about this advisory: