A security researcher, callgh0st, has detailed a security flaw on rafah.com’s cloud management platform, which allows removed administrators to regain access to an organisation using a previously generated password reset link.
This action leads to privilege escalation and provides a route for full account takeovers.
The researcher discovered the issue while logged in as an administrator and investigating the password reset function for other administrators.
The password reset URL was visible in the interface, which raised security concerns, as such URLs are typically hidden until opened.
The issue means that attackers can regain access to an account, disrupt actions carried out in another admin’s name and impersonate other users by resetting their passwords.
Recommended fixes are to limit the visibility of reset links and to auto-invalidate all reset links accessed or generated by a user upon their removal.
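The second recommended fix, shown as an added example that is not rafah.com's code and makes no claim about how their platform is built: reset tokens are recorded with the organisation, the target account and the admin who generated them, so that removing an admin revokes every outstanding link they generated or could use, and redemption re-checks membership. All names and the in-memory store are constructed for illustration.

```python
"""Reset-link lifecycle tied to org membership (constructed example)."""
import secrets
import time
from dataclasses import dataclass
from typing import Dict, Optional, Set


@dataclass
class ResetToken:
    user_id: str      # account whose password the link resets
    org_id: str       # organisation the link was issued within
    issued_by: str    # admin who generated the link
    expires_at: float
    revoked: bool = False


class ResetLinkService:
    def __init__(self, ttl_seconds: int = 3600) -> None:
        self.ttl = ttl_seconds
        self.tokens: Dict[str, ResetToken] = {}   # token -> metadata
        self.members: Dict[str, Set[str]] = {}    # org_id -> current admins

    def add_admin(self, org_id: str, user_id: str) -> None:
        self.members.setdefault(org_id, set()).add(user_id)

    def issue_reset(self, org_id: str, issued_by: str, target: str) -> str:
        admins = self.members.get(org_id, set())
        if issued_by not in admins or target not in admins:
            raise PermissionError("both parties must be current org admins")
        token = secrets.token_urlsafe(32)
        self.tokens[token] = ResetToken(target, org_id, issued_by, time.time() + self.ttl)
        return token  # deliver out of band; never render it in the admin UI

    def remove_admin(self, org_id: str, user_id: str) -> int:
        """Drop the admin and revoke every live link they generated or could redeem."""
        self.members.get(org_id, set()).discard(user_id)
        revoked = 0
        for t in self.tokens.values():
            if t.org_id == org_id and user_id in (t.user_id, t.issued_by) and not t.revoked:
                t.revoked = True
                revoked += 1
        return revoked

    def redeem(self, token: str) -> Optional[str]:
        t = self.tokens.pop(token, None)  # single use: consumed on first lookup
        if t is None or t.revoked or time.time() > t.expires_at:
            return None
        if t.user_id not in self.members.get(t.org_id, set()):
            return None  # membership is re-checked at redemption time
        return t.user_id
```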